pool/perl-Net-SSLeay
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 705653 from devel:languages:perl

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/705653
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/perl-Net-SSLeay?expand=0&rev=31
This commit is contained in:
Dominique Leuenberger 2019-06-01 07:43:23 +00:00 committed by Git OBS Bridge
commit b4fcb195ac
4 changed files with 139 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Net-SSLeay-1.86_07.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:28518e246f3c1b444a95518080e47ca15ad2a8eda53b682f1a2a36c0bf7843d8
size 416532

3
Net-SSLeay-1.88.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:2000da483c8471a0b61e06959e92a6fca7b9e40586d5c828de977d3d2081cfdd
size 436215

133
perl-Net-SSLeay.changes
View File

@ -1,3 +1,136 @@
-------------------------------------------------------------------
Mon May 27 11:29:57 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
- Update to 1.88
1.88 2019-05-10
- New stable release incorporating all changes from developer
releases 1.86_01 to 1.86_11.
- From this release, Net-SSLeay is switching to an "odd/even"
developer/stable release version numbering system, like that of
many core modules (e.g. ExtUtils::MakeMaker): developer releases
will have an odd minor version number (and the usual "_xx" suffix),
and stable releases will have an even minor version number. This
means there is no Net-SSLeay 1.87.
- Summary of major changes since version 1.85:
- Mike McCauley has stepped down as maintainer. The new maintainers
are Chris Novakovic, Heikki Vatiainen and Tuure Vartiainen.
- The source code has moved from the now-defunct Debian Subversion
server (alioth.debian.org) to GitHub
(https://github.com/radiator-software/p5-net-ssleay).
- Net-SSLeay is provided under the terms of the Artistic License
2.0 - this has been the case since version 1.66, but references
to other licenses remained in the source code, causing ambiguity.
- Perl 5.8.1 or newer is now required to use Net-SSLeay. This has
already been the case for some time in practice, as the test
suite hasn't fully passed on Perl 5.6 for several years.
- Much-improved compatibility with OpenSSL 1.1.1, and improved
support for TLS 1.3.
- Fixed a long-standing bug in cb_data_advanced_put() that caused
memory leaks when callbacks were frequently added and removed.
- Support in the test suite for "hardened" OpenSSL configurations
that set a default security level of 2 or higher (e.g., in the
OpenSSL packages that ship with recent versions of Debian, Fedora
and Ubuntu).
1.86_11 2019-05-08
- Clarified Net-SSLeay's licensing terms: the module distribution has
been released under the terms of the Artistic License 2.0 since
version 1.66; references to other licenses have been removed. Fixes
RT#106314. Thanks to Kent Fredric for pointing out the ambiguity.
- Replace the HTTPS hosts in the external tests (some of which were
no longer online) with more resilient ones. Closes issue #26.
1.86_10 2019-05-04
- Use locally-generated certificate chain in local tests rather
than the Twitter one, which changes regularly and breaks the
test suite unnecessarily. Fixes RT#129201. Thanks to Petr Písař
for the report and patch, and Steffen Ullrich for an alternative
patch suggestion.
- In t/local/09_ctx_new.t, rather than checking that the functions
(CTX_)get_min_proto_version and (CTX_)get_max_proto_version return
0x0000 (indicating the lowest and highest versions supported by
libssl respectively, which is not the case if a run-time
configuration is enforcing a different minimum or maximum), just
check whether the returned value is one of those mentioned on the
SSL_CTX_set_min_proto_version(3) man page. Partially fixes
RT#128025. Thanks to Slaven Rezić and Dmytro Zagashev for the
downstream reports.
- Move from 1024-bit keys/certificates to 2048-bit keys/certificates
across the entire test suite. This removes the need to manually
set the security level to 1 in tests that used the old keys, and
fixes large numbers of test failures on modern Linux distributions
that set the minimum OpenSSL security level to 2. Fixes RT#126270
and the remainder of RT#128025. Thanks to Petr Písař and Slaven
Rezić for the downstream reports.
- In t/local/06_tcpecho.t and t/local/07_sslecho.t, connect to
127.0.0.1 instead of localhost. This fixes these tests when
executed inside a network sandbox that disrupts the behaviour of
gethostbyname(). Fixes RT#128207. Thanks to Kent Fredric for the
downstream report.
1.86_09 2019-03-12
- Add missing files to MANIFEST that prevented tests from passing
when installing from the 1.86_08 release tarball.
1.86_08 2019-03-12
- Add and fix functions needed to properly implement client
side session reuse for TLS 1.3 with using
CTX_sess_set_new_cb. Newly exposed functions:
SSL_SESSION_dup and SSL_SESSION_up_ref.
Fixed functions: i2d_SSL_SESSION and d2i_SSL_SESSION.
Thanks to Steffen Ullrich.
- Add functions functions to allow reading multiple pems from
file and creating untrusted chain: These functions allow you
to:
- Read in a PEM file with multiple certificates as a
STACK_OF(X509_INFO)
- Determine the size of the STACK_OF(X509_INFO) and value at
an index, which allows you to loop over the stack.
- Retrieve the X509 structure from each X509_INFO structure
in the stack.
Then you can create a new STACK_OF(X509) and push the X509
structures onto the new stack. You can then pass this
STACK_OF(X509) to X509_STORE_CTX_init which will allow you
to add additional untrusted certificates to the chain for
verification. Exposed functions are:
PEM_X509_INFO_read_bio
sk_X509_INFO_num
sk_X509_INFO_value
sk_X509_INFO_free
sk_X509_new_null
sk_X509_free
sk_X509_push
New function implemented by Net::SSLeay:
P_X509_INFO_get_x509
Thanks to Marc Reisner.
- Add functions and constants that are necessary to verify a
certificate using a hash directory outside of an SSL/TLS
connection. Newly exposed functions:
X509_STORE_CTX_init
X509_STORE_CTX_free
X509_STORE_new
X509_STORE_free
X509_STORE_add_lookup
X509_LOOKUP_hash_dir
X509_LOOKUP_add_dir
Newly exposed constants:
X509_FILETYPE_ASN1
X509_FILETYPE_DEFAULT
X509_FILETYPE_PEM
Thanks to Marc Reisner.
- Declare n_a in ssleay_set_psk_client_callback_invoke and
ssleay_ctx_set_psk_client_callback_invoke to avoid a compilation
error with Perl versions below 5.8.8. Fixes RT#128030. Thanks to
Graham Ollis for the report.
- Add X509_get0_serialNumber. Thanks to Marc Reisner.
- Enable Travis CI for LibreSSL 2.2.1, 2.7.5, 2.8.3 and 2.9.0
on Perl 5.20 and more recent.
- Expose the following functions for curve and group selection:
- CTX_set_ecdh_auto, set_ecdh_auto
- CTX_set1_curves_list, set1_curves_list
- CTX_set1_groups_list, set1_groups_list
Thanks to Steffen Ullrich.
-------------------------------------------------------------------
Tue Mar 5 14:04:18 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>

7
perl-Net-SSLeay.spec
View File

@ -18,14 +18,13 @@
%define cpan_name Net-SSLeay
Name: perl-Net-SSLeay
Version: 1.86_07
Version: 1.88
Release: 0
Summary: Perl extension for using OpenSSL
License: Artistic-2.0
Group: Development/Libraries/Perl
URL: http://search.cpan.org/dist/Net-SSLeay/
#Source: http://www.cpan.org/modules/by-module/Net/Net-SSLeay-%{version}.tar.gz
Source: https://cpan.metacpan.org/authors/id/R/RA/RADIATOR/%{cpan_name}-%{version}.tar.gz
URL: https://metacpan.org/release/%{cpan_name}
Source0: https://cpan.metacpan.org/authors/id/C/CH/CHRISN/%{cpan_name}-%{version}.tar.gz
BuildRequires: libopenssl-devel
BuildRequires: openssl
BuildRequires: perl