r39276 - in /trunk/libio-socket-ssl-perl: Changes META.yml SSL.pm debian/changelog t/verify_hostname.t

carnil-guest at users.alioth.debian.org carnil-guest at users.alioth.debian.org
Fri Jul 3 19:09:28 UTC 2009 

Author: carnil-guest
Date: Fri Jul  3 19:09:22 2009
New Revision: 39276

URL: http://svn.debian.org/wsvn/pkg-perl/?sc=1&rev=39276
Log:
new upstream version ready for review

Modified:
    trunk/libio-socket-ssl-perl/Changes
    trunk/libio-socket-ssl-perl/META.yml
    trunk/libio-socket-ssl-perl/SSL.pm
    trunk/libio-socket-ssl-perl/debian/changelog
    trunk/libio-socket-ssl-perl/t/verify_hostname.t

Modified: trunk/libio-socket-ssl-perl/Changes
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libio-socket-ssl-perl/Changes?rev=39276&op=diff
==============================================================================
--- trunk/libio-socket-ssl-perl/Changes (original)
+++ trunk/libio-socket-ssl-perl/Changes Fri Jul  3 19:09:22 2009
@@ -1,3 +1,10 @@
+
+v1.26 2009.07.03
+- SECURITY BUGFIX! 
+  fix Bug in verify_hostname_of_cert where it matched only the prefix for 
+  the hostname when no wildcard was given, e.g. www.example.org matched
+  against a certificate with name www.exam in it
+  Thanks to MLEHMANN for reporting
 
 v1.25 2009.07.02
 - t/nonblock.t: increase number of bytes written to fix bug with OS X 10.5

Modified: trunk/libio-socket-ssl-perl/META.yml
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libio-socket-ssl-perl/META.yml?rev=39276&op=diff
==============================================================================
--- trunk/libio-socket-ssl-perl/META.yml (original)
+++ trunk/libio-socket-ssl-perl/META.yml Fri Jul  3 19:09:22 2009
@@ -1,6 +1,6 @@
 --- #YAML:1.0
 name:                IO-Socket-SSL
-version:             1.25
+version:             1.26
 abstract:            Nearly transparent SSL encapsulation for IO::Socket::INET.
 license:             ~
 author:              

Modified: trunk/libio-socket-ssl-perl/SSL.pm
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libio-socket-ssl-perl/SSL.pm?rev=39276&op=diff
==============================================================================
--- trunk/libio-socket-ssl-perl/SSL.pm (original)
+++ trunk/libio-socket-ssl-perl/SSL.pm Fri Jul  3 19:09:22 2009
@@ -66,7 +66,7 @@
 	}) {
 		@ISA = qw(IO::Socket::INET);
 	}
-	$VERSION = '1.25';
+	$VERSION = '1.26';
 	$GLOBAL_CONTEXT_ARGS = {};
 
 	#Make $DEBUG another name for $Net::SSLeay::trace
@@ -1078,7 +1078,7 @@
 			$ip4 = inet_aton( $identity ) or croak "'$identity' is not IPv4, but neither IPv6 nor hostname";
 		} else {
 			# assume hostname
-			if ( $identity !~m{^[a-zA-Z0-9-_\.]+$} ) {
+			if ( $identity !~m{^[\w\-\.]+$} ) {
 				$identity = idn_to_ascii($identity) or
 					croak "Warning: Given name '$identity' could not be converted to IDNA!";
 			}
@@ -1100,7 +1100,7 @@
 			} elsif ( $wtyp eq 'leftmost' and $name =~m{^\*(\..+)$} ) {
 				$pattern = qr{^[\w\-]*\Q$1\E$}i;
 			} else {
-				$pattern = qr{^\Q$name}i;
+				$pattern = qr{^\Q$name\E$}i;
 			}
 			return $identity =~ $pattern;
 		};

Modified: trunk/libio-socket-ssl-perl/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libio-socket-ssl-perl/debian/changelog?rev=39276&op=diff
==============================================================================
--- trunk/libio-socket-ssl-perl/debian/changelog (original)
+++ trunk/libio-socket-ssl-perl/debian/changelog Fri Jul  3 19:09:22 2009
@@ -1,4 +1,4 @@
-libio-socket-ssl-perl (1.25-1) unstable; urgency=low
+libio-socket-ssl-perl (1.26-1) unstable; urgency=low
 
   [ Ryan Niebur ]
   * Remove Florian Ragwitz from Uploaders (Closes: #523230)

Modified: trunk/libio-socket-ssl-perl/t/verify_hostname.t
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libio-socket-ssl-perl/t/verify_hostname.t?rev=39276&op=diff
==============================================================================
--- trunk/libio-socket-ssl-perl/t/verify_hostname.t (original)
+++ trunk/libio-socket-ssl-perl/t/verify_hostname.t Fri Jul  3 19:09:22 2009
@@ -25,7 +25,7 @@
 	( eval { require Net::LibIDN } || eval { require Net::IDN::Encode } );
 
 $|=1;
-my $max = 37;
+my $max = 40;
 $max+=3 if $can_idn;
 print "1..$max\n";
 
@@ -88,6 +88,7 @@
 		'www-13.lala.other.local' => [],
 		'smtp.mydomain.local' => [qw(smtp ldap www)],
 		'xn--lwe-sna.idntest.local' => [qw(smtp ldap www)],
+		'smtp.mydomain.localizing.useless.local' => [],
 	);
 	if ( $can_idn ) {
 		# check IDN handling

More information about the Pkg-perl-cvs-commits mailing list