r42351 - in /trunk/libanyevent-perl: Changes META.yml README debian/changelog lib/AnyEvent.pm lib/AnyEvent/Handle.pm lib/AnyEvent/Socket.pm lib/AnyEvent/TLS.pm
jawnsy-guest at users.alioth.debian.org
jawnsy-guest at users.alioth.debian.org
Fri Aug 21 20:55:07 UTC 2009
Author: jawnsy-guest
Date: Fri Aug 21 20:55:00 2009
New Revision: 42351
URL: http://svn.debian.org/wsvn/pkg-perl/?sc=1&rev=42351
Log:
* New upstream release
+ Bug fix: AnyEvent::Handle could cause hard crashes in Net::SSLeay
when using starttls with an illegal/uncreatable tls context
Modified:
trunk/libanyevent-perl/Changes
trunk/libanyevent-perl/META.yml
trunk/libanyevent-perl/README
trunk/libanyevent-perl/debian/changelog
trunk/libanyevent-perl/lib/AnyEvent.pm
trunk/libanyevent-perl/lib/AnyEvent/Handle.pm
trunk/libanyevent-perl/lib/AnyEvent/Socket.pm
trunk/libanyevent-perl/lib/AnyEvent/TLS.pm
Modified: trunk/libanyevent-perl/Changes
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libanyevent-perl/Changes?rev=42351&op=diff
==============================================================================
--- trunk/libanyevent-perl/Changes (original)
+++ trunk/libanyevent-perl/Changes Fri Aug 21 20:55:00 2009
@@ -1,4 +1,9 @@
Revision history for Perl extension AnyEvent.
+
+5.112 Fri Aug 21 13:59:04 CEST 2009
+ - AnyEvent::Handle could cause hard crashes in Net::SSLeay when
+ using starttls with an illegal/uncreatable tls context.
+ - port to broken win32 perls.
5.111 Sun Aug 16 18:44:36 CEST 2009
- perl errornously requires sockaddr_un structures returned by the
Modified: trunk/libanyevent-perl/META.yml
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libanyevent-perl/META.yml?rev=42351&op=diff
==============================================================================
--- trunk/libanyevent-perl/META.yml (original)
+++ trunk/libanyevent-perl/META.yml Fri Aug 21 20:55:00 2009
@@ -11,7 +11,7 @@
},
"generated_by" : "ExtUtils::MakeMaker version 6.50",
"distribution_type" : "module",
- "version" : "5.111",
+ "version" : "5.112",
"name" : "AnyEvent",
"author" : [],
"license" : "unknown",
Modified: trunk/libanyevent-perl/README
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libanyevent-perl/README?rev=42351&op=diff
==============================================================================
--- trunk/libanyevent-perl/README (original)
+++ trunk/libanyevent-perl/README Fri Aug 21 20:55:00 2009
@@ -578,7 +578,7 @@
);
# this "blocks" (while handling events) till the callback
- # calls -<send
+ # calls ->send
$result_ready->recv;
Example: wait for a timer, but take advantage of the fact that condition
Modified: trunk/libanyevent-perl/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libanyevent-perl/debian/changelog?rev=42351&op=diff
==============================================================================
--- trunk/libanyevent-perl/debian/changelog (original)
+++ trunk/libanyevent-perl/debian/changelog Fri Aug 21 20:55:00 2009
@@ -1,3 +1,11 @@
+libanyevent-perl (5.112-1) UNRELEASED; urgency=low
+
+ * New upstream release
+ + Bug fix: AnyEvent::Handle could cause hard crashes in Net::SSLeay
+ when using starttls with an illegal/uncreatable tls context
+
+ -- Jonathan Yu <frequency at cpan.org> Fri, 21 Aug 2009 12:54:38 -0400
+
libanyevent-perl (5.111-1) unstable; urgency=low
[ Jonathan Yu]
Modified: trunk/libanyevent-perl/lib/AnyEvent.pm
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libanyevent-perl/lib/AnyEvent.pm?rev=42351&op=diff
==============================================================================
--- trunk/libanyevent-perl/lib/AnyEvent.pm (original)
+++ trunk/libanyevent-perl/lib/AnyEvent.pm Fri Aug 21 20:55:00 2009
@@ -594,7 +594,7 @@
);
# this "blocks" (while handling events) till the callback
- # calls -<send
+ # calls ->send
$result_ready->recv;
Example: wait for a timer, but take advantage of the fact that condition
@@ -1118,7 +1118,7 @@
use Carp ();
-our $VERSION = '5.111';
+our $VERSION = '5.112';
our $MODEL;
our $AUTOLOAD;
Modified: trunk/libanyevent-perl/lib/AnyEvent/Handle.pm
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libanyevent-perl/lib/AnyEvent/Handle.pm?rev=42351&op=diff
==============================================================================
--- trunk/libanyevent-perl/lib/AnyEvent/Handle.pm (original)
+++ trunk/libanyevent-perl/lib/AnyEvent/Handle.pm Fri Aug 21 20:55:00 2009
@@ -1738,7 +1738,7 @@
$ERROR_SYSCALL = Net::SSLeay::ERROR_SYSCALL ();
$ERROR_WANT_READ = Net::SSLeay::ERROR_WANT_READ ();
- $tls = $self->{tls};
+ $tls = delete $self->{tls};
$ctx = $self->{tls_ctx};
local $Carp::CarpLevel = 1; # skip ourselves when creating a new context or session
Modified: trunk/libanyevent-perl/lib/AnyEvent/Socket.pm
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libanyevent-perl/lib/AnyEvent/Socket.pm?rev=42351&op=diff
==============================================================================
--- trunk/libanyevent-perl/lib/AnyEvent/Socket.pm (original)
+++ trunk/libanyevent-perl/lib/AnyEvent/Socket.pm Fri Aug 21 20:55:00 2009
@@ -509,7 +509,7 @@
# sockaddr_un structures of maximum length (which is not, AFAICS, required
# by any standard). try to 0-pad structures for the benefit of those platforms.
-my $sa_un_zero = Socket::pack_sockaddr_un ""; $sa_un_zero ^= $sa_un_zero;
+my $sa_un_zero = eval { Socket::pack_sockaddr_un "" }; $sa_un_zero ^= $sa_un_zero;
sub unpack_sockaddr($) {
my $af = sockaddr_family $_[0];
Modified: trunk/libanyevent-perl/lib/AnyEvent/TLS.pm
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libanyevent-perl/lib/AnyEvent/TLS.pm?rev=42351&op=diff
==============================================================================
--- trunk/libanyevent-perl/lib/AnyEvent/TLS.pm (original)
+++ trunk/libanyevent-perl/lib/AnyEvent/TLS.pm Fri Aug 21 20:55:00 2009
@@ -136,10 +136,13 @@
sending a SSLv2 hello, indicating the support for SSLv3 and TLSv1, but not
actually negotiating an (insecure) SSLv2 connection.
-Specifying a specific version is almost always wrong to use for a server,
-and often wrong for a client. If you only want to allow a specific
-protocol version, use the C<sslv2>, C<sslv3> or C<tlsv1> arguments
-instead.
+Specifying a specific version is almost always wrong to use for a server
+speaking to a wide variety of clients (e.g. web browsers), and often wrong
+for a client. If you only want to allow a specific protocol version, use
+the C<sslv2>, C<sslv3> or C<tlsv1> arguments instead.
+
+For new services it is usually a good idea to enforce a C<TLSv1> method
+from the beginning.
=item sslv2 => $enabled
@@ -151,7 +154,7 @@
=item tlsv1 => $enabled
-Enable or disable SSLv3 (normally I<enabled>).
+Enable or disable TLSv1 (normally I<enabled>).
=item verify => $enable
More information about the Pkg-perl-cvs-commits
mailing list