Subject: CVS commit: pkgsrc/security/p5-Net-SSLeay
From: Thomas Klausner
Date: 2021-04-27 14:17:13
Message id: 20210427121714.13B0AFA95@cvs.NetBSD.org

Log Message:
p5-Net-SSLeay: update to 1.90.

1.90 2021-01-21
	- New stable release incorporating all changes from developer releases
	  1.89_01 to 1.89_05.
	- Summary of major changes since version 1.88:
	  - Formalised libssl version support policy: all stable versions of OpenSSL
	    in the 0.9.8 - 1.1.1 branches (with the exception of 0.9.8 - 0.9.8b) and
	    all stable releases of LibreSSL in the 2.0 - 3.1 series are supported.
	    The LibreSSL 3.2 series is not yet fully supported because its TLSv1.3
	    implementation is not currently libssl-compatible.
	  - Added support for LibreSSL on Windows when built with Visual C++.
	  - Exposed P_X509_CRL_add_extensions, several SSL_CIPHER functions, and
	    several stack functions.
	  - Fixed crashes in the callback functions CTX_set_next_proto_select_cb and
	    CTX_set_alpn_select_cb.
	  - The test suite is now compatible with OpenSSL 1.1.1e onwards, as well as
	    OpenSSL security level 2 (the default on many Linux distributions).

1.89_05 2021-01-21
	- Expose SSL_get_ciphers. Thanks to github user dylc5190.
	- Expose SSL_CIPHER_get_version and fix SSL_CIPHER_description
	  and SSL_CIPHER_get_bits. Also fixed and enhanced
	  documentation for these and related SSL_CIPHER functions.
	- Clarify libssl version support policy: all stable versions of OpenSSL in
	  the 0.9.8 - 1.1.1 branches (with the exception of 0.9.8 - 0.9.8b) and all
	  stable releases of LibreSSL in the 2.0 - 3.1 series are supported.
	- Direct bug reports to the GitHub repository, since rt.cpan.org will shut
	  down on 2021-03-01.

1.89_04 2021-01-13
	- Fix crashes in the callback functions CTX_set_next_proto_select_cb() and
	  CTX_set_alpn_select_cb() caused by the use of a pointer returned by
	  SSL_select_next_proto() which may already have been freed under certain
	  circumstances. Fixes GH-222. Thanks to dylc5190 for the report.
	- Remove the dependency on the AES128-SHA cipher suite in the test script
	  64_ticket_sharing.t. Fixes GH-231.
	- Remove checks and warnings in Makefile.PL relating to the use of RSAref,
	  which was removed from OpenSSL in version 0.9.7.

1.89_03 2020-12-12
	- Expose the following functions:
	  - X509_STORE_CTX_get0_cert, X509_STORE_CTX_get1_chain
	  - sk_X509_pop, sk_X509_shift, sk_X509_unshift,
	  - sk_X509_insert, sk_X509_delete, sk_x509_value, sk_X509_num
	  Thanks to Dan Freed.
	- Correct the minimum OpenSSL version required for the following functions
	  to be made available (previously they were all declared to be present in
	  1.1.0-pre1, which caused Net::SSLeay to crash at run-time when built
	  against OpenSSL versions between 1.1.0-pre1 and 1.1.0-pre3):
	  - CTX_set_max_proto_version (added in 1.1.0-pre2)
	  - CTX_set_min_proto_version (added in 1.1.0-pre2)
	  - SESSION_up_ref (added in 1.1.0-pre4)
	  - set_max_proto_version (added in 1.1.0-pre2)
	  - set_min_proto_version (added in 1.1.0-pre2)
	- Correct the minimum OpenSSL version required for get_SSL_CTX and SSL_ctrl
	  to be made available (previously they were declared to be present from
	  0.9.8f onwards, when in reality they are available in all 0.9.8 versions).
	- Replace the PKI used by the test suite with one generated by the
	  generate-test-pki helper script. All entities in the new PKI have 2048-bit
	  RSA private keys and CSRs, certificates and CRLs with SHA-256 digests,
	  allowing the test suite to execute under OpenSSL security level 2 (now the
	  default security level for OpenSSL in many Linux distributions).
	- Initialise libssl consistently in the test suite.
	- Don't rely on the availability of specific SSL/TLS protocol versions or
	  cipher suites in the test suite; instead, dynamically select from any of
	  the available protocol versions and cipher suites permitted by libssl.
	  Fixes RT#132425. Thanks to Graham Ollis for the initial report of the test
	  suite failing on Ubuntu 20.04 with the Ubuntu-packaged OpenSSL, whose
	  configuration forbids the use of TLSv1.1 and below at run-time by default.

1.89_02 2020-08-07
	- Add support for the P_X509_CRL_add_extensions function. Thanks to
	  Manuel Mausz for the patch.
	- X509_get_subjectAltNames now knows how to return
	  GEN_RID. The returned value is an ASN OID in text format
	  with current maximum length of 2500 characters. Updated
	  t/local/33_x509_create_cert.t to use GEN_RID and all other
	  supported types with certificate request and signed
	  certificate. These relate to GitHub issue GH-149 opened by
	  s482dcaw.
	- Support for 64-bit Windows versions of OpenSSL from 1.0.0-beta1
	  through to 1.0.0b has been withdrawn due to malfunctions occurring in
	  Perl programs that use fork(). This mainly affects users of Strawberry
	  Perl x64 5.12.3.20180709, which ships with OpenSSL 1.0.0-beta4.
	  Affected users should build Net-SSLeay against OpenSSL 1.0.0c or
	  above; users of Strawberry Perl x64 5.12.3.20180709 may instead find
	  it easier to upgrade to Strawberry Perl x64 5.14.4.1 or above. See
	  https://github.com/radiator-software/p5-net-ssleay/issues/189 for more
	  information.

1.89_01 2020-03-22
	- Fix the repository URL in Makefile.PL (git:// rather than git@),
	  which was preventing it from being added to META.json. Thanks to
	  Dan Book.
	- When building Net-SSLeay, exit if an OpenSSL executable cannot be
	  found in PATH. Fixes RT#131060. Thanks to Nigel Horne for the report.
	- Remove non-OCSP external tests, many of which unnecessarily duplicate
	  local tests or fail for reasons outside of our control. Fixes
	  RT#129542. Thanks to Andreas Vögele for the bug report that
	  ultimately led to this change.
	- Add support for LibreSSL on Windows when built with Visual C++.
	  Thanks to Graham Ollis for the patch.
	- In SSL_CTX_free() and SSL_free(), clean callback-related data from
	  the global hash after freeing ctx, not before. This allows callbacks
	  to be executed during freeing. Thanks to Steffen Ullrich for the
	  patch.
	- t/local/07_sslecho.t started failing with OpenSSL 1.1.1e. Updated
	  the test file with missing calls to Net::SSLeay::shutdown(). Also
	  added one call in SSLeay.pm sslcat() function. Enabling SSLeay trace
	  level 3 showed 'unexpected eof while reading' errors which were added
	  to OpenSSL with commit db943f43. This fixes GitHub issue GH-160
	  reported by Brett T. Warden.
	- t/local/01_pod.t now requires Test::Pod 1.41 to work with Pod syntax
	  used with Net::SSLeay 1.88 and later. This fixes GitHub issue GH-147
	  reported by Ulrik Haugen.

Files:
RevisionActionfile
1.50modifypkgsrc/security/p5-Net-SSLeay/distinfo
1.97modifypkgsrc/security/p5-Net-SSLeay/Makefile