2021-04-27 14:17:13 by Thomas Klausner | Files touched by this commit (2) | |
Log message:
p5-Net-SSLeay: update to 1.90.
1.90 2021-01-21
- New stable release incorporating all changes from developer releases
1.89_01 to 1.89_05.
- Summary of major changes since version 1.88:
- Formalised libssl version support policy: all stable versions of OpenSSL
in the 0.9.8 - 1.1.1 branches (with the exception of 0.9.8 - 0.9.8b) and
all stable releases of LibreSSL in the 2.0 - 3.1 series are supported.
The LibreSSL 3.2 series is not yet fully supported because its TLSv1.3
implementation is not currently libssl-compatible.
- Added support for LibreSSL on Windows when built with Visual C++.
- Exposed P_X509_CRL_add_extensions, several SSL_CIPHER functions, and
several stack functions.
- Fixed crashes in the callback functions CTX_set_next_proto_select_cb and
CTX_set_alpn_select_cb.
- The test suite is now compatible with OpenSSL 1.1.1e onwards, as well as
OpenSSL security level 2 (the default on many Linux distributions).
1.89_05 2021-01-21
- Expose SSL_get_ciphers. Thanks to github user dylc5190.
- Expose SSL_CIPHER_get_version and fix SSL_CIPHER_description
and SSL_CIPHER_get_bits. Also fixed and enhanced
documentation for these and related SSL_CIPHER functions.
- Clarify libssl version support policy: all stable versions of OpenSSL in
the 0.9.8 - 1.1.1 branches (with the exception of 0.9.8 - 0.9.8b) and all
stable releases of LibreSSL in the 2.0 - 3.1 series are supported.
- Direct bug reports to the GitHub repository, since rt.cpan.org will shut
down on 2021-03-01.
1.89_04 2021-01-13
- Fix crashes in the callback functions CTX_set_next_proto_select_cb() and
CTX_set_alpn_select_cb() caused by the use of a pointer returned by
SSL_select_next_proto() which may already have been freed under certain
circumstances. Fixes GH-222. Thanks to dylc5190 for the report.
- Remove the dependency on the AES128-SHA cipher suite in the test script
64_ticket_sharing.t. Fixes GH-231.
- Remove checks and warnings in Makefile.PL relating to the use of RSAref,
which was removed from OpenSSL in version 0.9.7.
1.89_03 2020-12-12
- Expose the following functions:
- X509_STORE_CTX_get0_cert, X509_STORE_CTX_get1_chain
- sk_X509_pop, sk_X509_shift, sk_X509_unshift,
- sk_X509_insert, sk_X509_delete, sk_x509_value, sk_X509_num
Thanks to Dan Freed.
- Correct the minimum OpenSSL version required for the following functions
to be made available (previously they were all declared to be present in
1.1.0-pre1, which caused Net::SSLeay to crash at run-time when built
against OpenSSL versions between 1.1.0-pre1 and 1.1.0-pre3):
- CTX_set_max_proto_version (added in 1.1.0-pre2)
- CTX_set_min_proto_version (added in 1.1.0-pre2)
- SESSION_up_ref (added in 1.1.0-pre4)
- set_max_proto_version (added in 1.1.0-pre2)
- set_min_proto_version (added in 1.1.0-pre2)
- Correct the minimum OpenSSL version required for get_SSL_CTX and SSL_ctrl
to be made available (previously they were declared to be present from
0.9.8f onwards, when in reality they are available in all 0.9.8 versions).
- Replace the PKI used by the test suite with one generated by the
generate-test-pki helper script. All entities in the new PKI have 2048-bit
RSA private keys and CSRs, certificates and CRLs with SHA-256 digests,
allowing the test suite to execute under OpenSSL security level 2 (now the
default security level for OpenSSL in many Linux distributions).
- Initialise libssl consistently in the test suite.
- Don't rely on the availability of specific SSL/TLS protocol versions or
cipher suites in the test suite; instead, dynamically select from any of
the available protocol versions and cipher suites permitted by libssl.
Fixes RT#132425. Thanks to Graham Ollis for the initial report of the test
suite failing on Ubuntu 20.04 with the Ubuntu-packaged OpenSSL, whose
configuration forbids the use of TLSv1.1 and below at run-time by default.
1.89_02 2020-08-07
- Add support for the P_X509_CRL_add_extensions function. Thanks to
Manuel Mausz for the patch.
- X509_get_subjectAltNames now knows how to return
GEN_RID. The returned value is an ASN OID in text format
with current maximum length of 2500 characters. Updated
t/local/33_x509_create_cert.t to use GEN_RID and all other
supported types with certificate request and signed
certificate. These relate to GitHub issue GH-149 opened by
s482dcaw.
- Support for 64-bit Windows versions of OpenSSL from 1.0.0-beta1
through to 1.0.0b has been withdrawn due to malfunctions occurring in
Perl programs that use fork(). This mainly affects users of Strawberry
Perl x64 5.12.3.20180709, which ships with OpenSSL 1.0.0-beta4.
Affected users should build Net-SSLeay against OpenSSL 1.0.0c or
above; users of Strawberry Perl x64 5.12.3.20180709 may instead find
it easier to upgrade to Strawberry Perl x64 5.14.4.1 or above. See
https://github.com/radiator-software/p5-net-ssleay/issues/189 for more
information.
1.89_01 2020-03-22
- Fix the repository URL in Makefile.PL (git:// rather than git@),
which was preventing it from being added to META.json. Thanks to
Dan Book.
- When building Net-SSLeay, exit if an OpenSSL executable cannot be
found in PATH. Fixes RT#131060. Thanks to Nigel Horne for the report.
- Remove non-OCSP external tests, many of which unnecessarily duplicate
local tests or fail for reasons outside of our control. Fixes
RT#129542. Thanks to Andreas Vögele for the bug report that
ultimately led to this change.
- Add support for LibreSSL on Windows when built with Visual C++.
Thanks to Graham Ollis for the patch.
- In SSL_CTX_free() and SSL_free(), clean callback-related data from
the global hash after freeing ctx, not before. This allows callbacks
to be executed during freeing. Thanks to Steffen Ullrich for the
patch.
- t/local/07_sslecho.t started failing with OpenSSL 1.1.1e. Updated
the test file with missing calls to Net::SSLeay::shutdown(). Also
added one call in SSLeay.pm sslcat() function. Enabling SSLeay trace
level 3 showed 'unexpected eof while reading' errors which were added
to OpenSSL with commit db943f43. This fixes GitHub issue GH-160
reported by Brett T. Warden.
- t/local/01_pod.t now requires Test::Pod 1.41 to work with Pod syntax
used with Net::SSLeay 1.88 and later. This fixes GitHub issue GH-147
reported by Ulrik Haugen.
|
2020-08-31 20:13:29 by Thomas Klausner | Files touched by this commit (3631) |
Log message:
*: bump PKGREVISION for perl-5.32.
|
2020-03-22 22:15:30 by Nia Alarie | Files touched by this commit (2) |
Log message:
p5-Net-SSLeay: Update to 1.88
1.88 2019-05-10
- New stable release incorporating all changes from developer
releases 1.86_01 to 1.86_11.
- From this release, Net-SSLeay is switching to an "odd/even"
developer/stable release version numbering system, like that of
many core modules (e.g. ExtUtils::MakeMaker): developer releases
will have an odd minor version number (and the usual "_xx" suffix),
and stable releases will have an even minor version number. This
means there is no Net-SSLeay 1.87.
- Summary of major changes since version 1.85:
- Mike McCauley has stepped down as maintainer. The new maintainers
are Chris Novakovic, Heikki Vatiainen and Tuure Vartiainen.
- The source code has moved from the now-defunct Debian Subversion
server (alioth.debian.org) to GitHub
(https://github.com/radiator-software/p5-net-ssleay).
- Net-SSLeay is provided under the terms of the Artistic License
2.0 - this has been the case since version 1.66, but references
to other licenses remained in the source code, causing ambiguity.
- Perl 5.8.1 or newer is now required to use Net-SSLeay. This has
already been the case for some time in practice, as the test
suite hasn't fully passed on Perl 5.6 for several years.
- Much-improved compatibility with OpenSSL 1.1.1, and improved
support for TLS 1.3.
- Fixed a long-standing bug in cb_data_advanced_put() that caused
memory leaks when callbacks were frequently added and removed.
- Support in the test suite for "hardened" OpenSSL configurations
that set a default security level of 2 or higher (e.g., in the
OpenSSL packages that ship with recent versions of Debian, Fedora
and Ubuntu).
|
2020-01-18 22:51:16 by Jonathan Perkin | Files touched by this commit (1836) |
Log message:
*: Recursive revision bump for openssl 1.1.1.
|
2019-10-14 14:54:23 by Ryosuke Moro | Files touched by this commit (1) |
Log message:
BUILD_DEPENDS -> TEST_DEPENDS
|
2019-08-11 15:25:21 by Thomas Klausner | Files touched by this commit (3557) |
Log message:
Bump PKGREVISIONs for perl 5.30.0
|
2019-06-30 22:17:50 by Nia Alarie | Files touched by this commit (1816) |
Log message:
Update packages using a search.cpan.org HOMEPAGE to metacpan.org.
The former now redirects to the latter.
This covers the most simple cases where http://search.cpan.org/dist/name
can be changed to https://metacpan.org/release/name.
Reviewed by hand to hopefully make sure no unwanted changes sneak in.
|
2018-08-22 11:48:07 by Thomas Klausner | Files touched by this commit (3558) |
Log message:
Recursive bump for perl5-5.28.0
|
2018-03-14 08:56:50 by Thomas Klausner | Files touched by this commit (2) | |
Log message:
p5-Net-SSLeay: update to 1.85.
1.85 2018-03-14
Preparations for transferring maintenace to a new maintainer
Fixed test failure in t/local/33_x509_create_cert.t for some version of OpenSSL.
Fixed free() error that causes "Free to wrong pool ..." merssage on \
Windows.
Reported and patched by Steffen Ullrich.
|
2018-01-19 10:44:36 by Thomas Klausner | Files touched by this commit (1) |
Log message:
p5-Net-SSLeay: switch TEST_DEPENDS back to BUILD_DEPENDS
In pbulk with PKGSRC_RUN_TESTS, test dependencies are not installed
but expected.
|