perl-IO-Socket-SSL/perl-IO-Socket-SSL.changes

459 lines
16 KiB
Plaintext
Raw Normal View History

-------------------------------------------------------------------
Wed May 11 10:45:47 UTC 2011 - pascal.bleser@opensuse.org
- update to 1.43: no user-visible changes: fixes in testsuite
-------------------------------------------------------------------
Tue May 10 19:18:51 UTC 2011 - pascal.bleser@opensuse.org
- update to 1.42:
* add SSL_create_ctx_callback to have a way to adjust context on creation
RT#67799
* describe problem of fake memory leak because of big session cache and how
to fix it, see RT#68073
- changes from 1.41:
* fix issue in stop_SSL where it did not issue a shutdown of the SSL
connection if it first received the shutdown from the other side
-------------------------------------------------------------------
Wed May 4 10:55:36 UTC 2011 - coolo@opensuse.org
- updated to 1.40
- integrated patch from GAAS to get IDN support from URI.
https://rt.cpan.org/Ticket/Display.html?id=67676
- fix in exampel/async_https_server.
Thanks to DetlefPilzecker[AT]web[DOT]de for reporting
-------------------------------------------------------------------
Fri Mar 4 16:34:20 UTC 2011 - vcizek@novell.com
- update to 1.39
- fixed documentation of http verification: wildcards in cn is allowed
- close should undef _SSL_fileno, because the fileno is no longer
valid (SSL connection and socket are closed)
-------------------------------------------------------------------
Wed Jan 19 15:49:23 UTC 2011 - vcizek@novell.com
- update to 1.38
- fixed wildcards_in_cn setting for http (wrongly set in 1.34 to 1
instead of anywhere). Thanks to dagolden[AT]cpan[DOT]org for
reporting
https://rt.cpan.org/Ticket/Display.html?id=64864
-------------------------------------------------------------------
Thu Dec 16 13:34:57 CET 2010 - anicka@suse.cz
- update to 1.37
* don't complain about invalid certificate locations if user
explicitly set SSL_ca_path and SSL_ca_file to undef. Assume that
user knows what he is doing and will work around the problems
by itself.
* update documentation for SSL_verify_callback based on
-------------------------------------------------------------------
Tue Dec 7 15:02:25 CET 2010 - anicka@suse.cz
- update to 1.35 (fixes bnc#657907)
* if verify_mode is not VERIFY_NONE and the ca_file/ca_path cannot
be verified as valid it will no longer fall back to VERIFY_NONE
but throw an error.
-------------------------------------------------------------------
Wed Dec 1 13:33:05 UTC 2010 - coolo@novell.com
- switch to perl_requires macro
-------------------------------------------------------------------
Wed Nov 24 21:12:12 UTC 2010 - chris@computersalat.de
- recreated by cpanspec 1.78
o fix deps
- noarch pkg
- removed Obsoletes/Provides p_iossl
-------------------------------------------------------------------
Mon Nov 1 13:09:07 CET 2010 - anicka@suse.cz
- update to 1.34
* schema http for certificate verification changed to
wildcards_in_cn=1, because according to rfc2818 this is valid
and also seen in the wild
* if upgrading socket from inet to ssl fails due to handshake
problems the socket gets downgraded, but is still open.
* depreceate kill_socket, just use close()
-------------------------------------------------------------------
Thu Mar 25 17:42:20 CET 2010 - anicka@suse.cz
- update to 1.33
* attempt to make t/memleak_bad_handshake.t more stable, it fails
for unknown reason on various systems
* fix hostname checking: an IP should only be checked against
subjectAltName GEN_IPADD, never against GEN_DNS or CN.
-------------------------------------------------------------------
Tue Feb 23 16:22:22 CET 2010 - anicka@suse.cz
- update to 1.32
* Makefile.PL: die if Scalar::Util has no dualvar support instead of
only complaining.
-------------------------------------------------------------------
Wed Jan 13 16:34:59 CET 2010 - anicka@suse.cz
- update to 1.31
* add and export constants for SSL_VERIFY_*
* set SSL_use_cert if cert is given and not SSL_server
* support alternative CRL file with SSL_crl_file thanks to patch of
w[DOT]phillip[DOT]moore[AT]gmail[DOT]com
* make t/memleak_bad_handshake.t more stable (increase listen queue,
ignore errors on connect, don't run on windows..)
* t/memleak_bad_handshake.t don't write errors with ps to stderr,
-o vsize argument is not supported on all platforms, just skip
test then
* make sure that idn_to_ascii gets no \0 bytes from identity, because
it simply cuts the string their (using C semantics). Not really a
security problem because IDN like identity is provided by user in
hostname, not by certificate.
* fix test t/memleak_bad_handshake.t
* fixed thanks for version 1.28
* fix memleak when SSL handshake failed.
-------------------------------------------------------------------
Sun Jan 10 15:43:32 CET 2010 - jengelh@medozas.de
- enable parallel build
-------------------------------------------------------------------
Mon Aug 3 16:01:26 CEST 2009 - anicka@suse.cz
- update to 1.27
* changed possible local/utf-8 depended \w in some regex against more
explicit [a-zA-Z0-9_]. Fixed one regex, where it assumed, that service
names can't have '-' inside
* fixed bug https://rt.cpan.org/Ticket/Display.html?id=48131
where eli[AT]dvns[DOT]com reported warnings when perl -w was used.
While there made it more aware of errors in Net::ssl_write_all (return
undef not 0 in generic_write)
* SECURITY BUGFIX!
fix Bug in verify_hostname_of_cert where it matched only the prefix for
the hostname when no wildcard was given, e.g. www.example.org matched
against a certificate with name www.exam in it
Thanks to MLEHMANN for reporting
* t/nonblock.t: increase number of bytes written to fix bug with OS X 10.5
https://rt.cpan.org/Ticket/Display.html?id=47240
-------------------------------------------------------------------
Mon Apr 6 13:45:00 CEST 2009 - anicka@suse.cz
- update to 1.24
* add verify hostname scheme ftp, same as http
* renew test certificates again (root CA expired, now valid for
10 years)
-------------------------------------------------------------------
Mon Feb 23 16:49:53 CET 2009 - anicka@suse.cz
- update to 1.23
* if neither SSL_ca_file nor SSL_ca_path are known (e.g not given
and the default values have no existing file|path) disable
checking of certificates, but carp about the problem
* new test certificates, the old ones expired and caused tests
to fail
* Net::SSLeay stores verify callbacks inside hash and never clears
them, so set verify callback to NULL in destroy of context
-------------------------------------------------------------------
Tue Jan 20 17:50:47 CET 2009 - anicka@suse.cz
- update to 1.20
* only changes on test suite to make it ready for win32
* fix verfycn_name autodetection from PeerAddr/PeerHost
* fixed typo in argument: wildcars_in_cn -> wildcards_in_cn
* no code changes, publish v.16_3 as v.17 because it looks better
than v.16
* document win32 behavior regarding non-blocking and timeouts
* fix t/nonblock.t with workaround for problems with
IO::Socket::INET on some systems (Mac,5.6.2) where it cannot do
nonblocking connect and leaves socket blocked.
* make some tests less verbose by fixing diag in t/testlib.t
(send output to STDOUT not STDERR and prefix with '#')
* work around Bug in IO::Socket::INET6 on BSD systems
http://rt.cpan.org/Ticket/Display.html?id=39550
by setting Domain based on PeerAddr
* remove tests of recv/send from t/core.t. Might badly interact
with SSL handshake and cause crashes as seen on OS X 10.4
* IPv6 is enabled by default if IO::Socket::INET6 is available
* t/inet6.t for basic tests
- remove last patch (fixed in upstream)
-------------------------------------------------------------------
Mon Nov 17 16:45:47 CET 2008 - lnussel@suse.de
- fix typo that prevented wildcards in CN (bnc#445678)
-------------------------------------------------------------------
Mon Oct 6 15:05:26 CEST 2008 - anicka@suse.cz
- update to 1.16
* change code for SSL_check_crl to use X509_STORE_set_flags
instead of X509_STORE_CTX_set_flags
* change opened() to report -1 if the IO::Handle is open, but the
SSL connection failed, needed with HTTP::Daemon::SSL which will
send an error mssage over the unencrypted socket
-------------------------------------------------------------------
Wed Sep 10 16:58:20 CEST 2008 - anicka@suse.cz
- update to 1.15
* change internal behavior when SSL handshake failed (like when
verify callback returned an error) in the hope to fix spurios
errors in t/auto_verify_hostname.t
-------------------------------------------------------------------
Mon Aug 18 13:54:40 CEST 2008 - ro@suse.de
- hack to build also in buildservice where 127.0.0.1 can
resolve to the hostname instead of localhost
-------------------------------------------------------------------
Mon Aug 4 00:35:10 CEST 2008 - ro@suse.de
- update require for Net_SSLeay to Net-SSLeay
-------------------------------------------------------------------
Fri Jul 25 15:59:47 CEST 2008 - anicka@suse.cz
- update to 1.14
* added support for verification of hostname from certificate
including subjectAltNames, support for IDN etc
* automatic verification of hostnames with SSL_verifycn_scheme and
SSL_verifycn_name
* global setting of default context options like SSL_verifycn_scheme,
SSL_verify_mode with set_ctx_defaults
* fix import of inet4,inet6 which got broken within 1.13_X.
* clarified and enhanced debugging supppport
* put information into README regarding the supported
and recommanded version of Net::SSLeay
-------------------------------------------------------------------
Mon Jan 28 15:27:25 CET 2008 - anicka@suse.cz
- update to 1.13
* removed CLONE_SKIP which was added in 1.03 because this breaks
windows forking. Handled threads/windows forking better by
making sure that CTX from Net::SSLeay gets not freed multiple
times from different threads after cloning/forking
* removed setting LocalPort to 0 in tests, instead leave it undef
if a random port should be allocated.
-------------------------------------------------------------------
Thu Nov 1 15:42:58 CET 2007 - anicka@suse.cz
- update to 1.12
* treat timeouts of 0 for accept_SSL and connect_SSL like
no timeout, like IO::Socket does.
* fixed errors in accept_SSL which would work when called
from start_SSL but not from accept
* start_SSL, accept_SSL and connect_SSL have argument for
Timeout so that the SSL handshake will not block forever. Only
used if the socket is blocking. If not set the Timeout value
from the underlying IO::Socket is used
-------------------------------------------------------------------
Mon Oct 8 09:24:08 CEST 2007 - anicka@suse.cz
- update to 1.09
* new method stop_SSL as opposite of start_SSL
* try to make it clearer that thread support is buggy
* make sure that Scalar::Util has support for dualvar
(Makefile.PL,SSL.pm) because the perl*only version has
has no dualvar
-------------------------------------------------------------------
Mon Jun 11 09:36:41 CEST 2007 - anicka@suse.cz
- update to 1.07
* fix t/nonblock.t on systems which have by default a larger
socket buffer. Set SO_SNDBUF explicitly with setsockopt
to force smaller writes on the socket
- move testing to %check
-------------------------------------------------------------------
Tue May 15 16:10:34 CEST 2007 - anicka@suse.cz
- update to 1.06
* instead of setting undef args to '' in configure_SSL drop
them. This makes Net::SMTP::SSL working again because it
does not give LocalPort of '' to IO::Socket::INET any more
-------------------------------------------------------------------
Mon Apr 23 13:31:13 CEST 2007 - anicka@suse.cz
- update to 1.05
* make session cache working even if the IO::Socket::SSL object
was not created with IO::Socket::SSL->new but with
IO::Socket::SSL->start_SSL on an established socket
-------------------------------------------------------------------
Fri Mar 30 16:02:45 CEST 2007 - anicka@suse.cz
- update to 1.04
* added way to create SSL object with predefined session
cache
-------------------------------------------------------------------
Wed Mar 7 10:46:00 CET 2007 - anicka@suse.cz
- update to 1.03
* add CLONE_SKIP
-------------------------------------------------------------------
Wed Dec 13 12:18:37 CET 2006 - anicka@suse.cz
- update to 1.02
* added some info to BUGS and to BUGS section of pod
* added TELL and BINMODE to IO::Socket::SSL::SSL_HANDLE, even
if they do nothing useful.
* all tests allocate now the ports dynamically, so there should
be no longer a conflict with open ports on the system where
the tests run
-------------------------------------------------------------------
Thu Sep 14 12:24:11 CEST 2006 - anicka@suse.cz
- update to 1.01
* add support for Diffie Hellman Key Exchange.
* accept_SSL sets errors on $socket (the accepted socket)
not $self (the listening socket if called from accept)
* many bugfixes
-------------------------------------------------------------------
Mon Jul 24 14:54:30 CEST 2006 - anicka@suse.cz
- update to 0.993
* added test for sysread/syswrite behavior
* fix Makefile.PL to allow detectection of failures in PREREQ_PM
* fix problems with HTTP::Daemon::SSL
-------------------------------------------------------------------
Tue Jul 18 17:07:11 CEST 2006 - anicka@suse.cz
- update to 0.99
* Maintainer changed to <Steffen_Ullrich at genua dot de>
* Better support for nonblocking sockets
* Bugfixes
-------------------------------------------------------------------
Wed Jan 25 21:39:46 CET 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
-------------------------------------------------------------------
Mon Aug 1 12:46:17 CEST 2005 - mjancar@suse.cz
- update to 0.97
-------------------------------------------------------------------
Wed Sep 29 18:54:55 CEST 2004 - mls@suse.de
- use X509_STORE_set_flags instead of X509_STORE_CTX_set_flags
-------------------------------------------------------------------
Thu Aug 19 13:10:44 CEST 2004 - mjancar@suse.cz
- update to 0.96
-------------------------------------------------------------------
Thu Feb 26 16:06:13 CET 2004 - mjancar@suse.cz
- update to 0.95
-------------------------------------------------------------------
Sun Jan 11 11:30:00 CET 2004 - adrian@suse.de
- build as user
-------------------------------------------------------------------
Fri Aug 22 14:58:22 CEST 2003 - mjancar@suse.cz
- require the perl version we build with
-------------------------------------------------------------------
Thu Jul 24 13:21:17 CEST 2003 - mjancar@suse.cz
- update 0.94
-------------------------------------------------------------------
Thu Jul 17 16:44:45 CEST 2003 - mjancar@suse.cz
- adapt to perl-5.8.1
- use %perl_process_packlist
-------------------------------------------------------------------
Mon Jun 16 20:27:20 CEST 2003 - mjancar@suse.cz
- run make test
- fix filelist
-------------------------------------------------------------------
Tue May 20 12:40:04 CEST 2003 - mjancar@suse.cz
- remove unpackaged files
-------------------------------------------------------------------
Fri Dec 20 14:51:46 CET 2002 - prehak@suse.cz
- updated to 0.92
- added example directory
-------------------------------------------------------------------
Wed Dec 18 18:18:55 CET 2002 - prehak@suse.cz
- updated to version 0.901
-------------------------------------------------------------------
Thu Jul 11 11:01:40 CEST 2002 - prehak@suse.cz
- updated to version 0.81
- added demo, util and more to documetation
-------------------------------------------------------------------
Tue Jul 2 17:40:06 MEST 2002 - mls@suse.de
- remove race in .packlist generation
-------------------------------------------------------------------
Mon Jan 14 19:10:00 CET 2002 - rvasice@suse.cz
- update to version 0.80
-------------------------------------------------------------------
Fri Aug 24 14:19:33 CEST 2001 - rvasice@suse.cz
- removed make test - need network
-------------------------------------------------------------------
Tue Aug 14 15:54:06 CEST 2001 - rvasice@suse.cz
- update to version 0.79
- add make test
-------------------------------------------------------------------
Tue Mar 13 15:38:31 CET 2001 - cihlar@suse.cz
- update to version 0.77
-------------------------------------------------------------------
Fri Nov 10 11:34:51 CET 2000 - cihlar@suse.cz
- renamed p_iossl -> perl-IO-Socket-SSL
-------------------------------------------------------------------
Wed Aug 23 10:47:31 CEST 2000 - cihlar@suse.cz
- package created