diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml index d3a008ad2..71d2c16fd 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.yml +++ b/.github/ISSUE_TEMPLATE/bug_report.yml @@ -75,6 +75,7 @@ body: label: GLPI Agent version description: What GLPI agent version is triggering this issue ? options: + - 1.6.1 - 1.6 - 1.5 - 1.4 diff --git a/Changes b/Changes index babf77664..bc41f2d87 100644 --- a/Changes +++ b/Changes @@ -2,6 +2,14 @@ Revision history for GLPI agent 1.7 not yet released +1.6.1 Fri, 17 Nov 2023 + +core: +* fix #530: Also include Mozilla::CA default store when including windows keystore + or macosx keychains certificates as IO::Socket::SSL can't no more use them since + LWP::Protocol::https update. + This fixes SSL connection issues appeared with 1.6 release. + 1.6 Wed, 15 Nov 2023 core: diff --git a/Makefile.PL b/Makefile.PL index b685cfbd6..ce4d473a5 100644 --- a/Makefile.PL +++ b/Makefile.PL @@ -14,7 +14,7 @@ include 'Module::AutoInstall'; abstract 'GLPI unified Agent for UNIX, Linux, Windows and MacOSX'; license 'gpl'; repository 'https://github.com/glpi-project/glpi-agent'; -version '1.7-dev'; +version '1.6.1'; perl_version '5.008'; authors 'Teclib Editions'; diff --git a/contrib/windows/glpi-agent-deployment.vbs b/contrib/windows/glpi-agent-deployment.vbs index 0eef32c20..319862cda 100644 --- a/contrib/windows/glpi-agent-deployment.vbs +++ b/contrib/windows/glpi-agent-deployment.vbs @@ -64,7 +64,7 @@ Dim Setup, SetupArchitecture, SetupLocation, SetupNightlyLocation, SetupOptions, ' SetupVersion ' Setup version with the pattern ..[-] ' -SetupVersion = "1.6" +SetupVersion = "1.6.1" ' When using a nightly built version, uncomment the following SetupVersion definition line ' replacing gitABCDEFGH with the most recent git revision found on the nightly builds site diff --git a/debian/changelog b/debian/changelog index d91436e0d..bd7705161 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +glpi-agent (1:1.6.1-1) unstable; urgency=medium + + * New upstream release 1.6.1 + + -- Guillaume Bougard Fri, 17 Nov 2023 16:14:00 +0100 + glpi-agent (1:1.6-1) unstable; urgency=medium * New upstream release 1.6 diff --git a/lib/GLPI/Agent/HTTP/Client.pm b/lib/GLPI/Agent/HTTP/Client.pm index 66e3ef971..f38320019 100644 --- a/lib/GLPI/Agent/HTTP/Client.pm +++ b/lib/GLPI/Agent/HTTP/Client.pm @@ -377,6 +377,10 @@ sub _KeyChain_or_KeyStore_Export { return $_SSL_ca->{_certs} if $_SSL_ca->{_expiration} && time < $_SSL_ca->{_expiration}; + # Free stored certificates + IO::Socket::SSL::Utils::CERT_free(@{$_SSL_ca->{_certs}}) + if ref($_SSL_ca->{_certs}) eq 'ARRAY'; + $logger->debug( _log_prefix . ($_SSL_ca ? "Updating" : "Reading") . " $basename known certificates" @@ -476,6 +480,13 @@ sub _KeyChain_or_KeyStore_Export { } } + # Always include default CA file from Mozilla::CA + if (Mozilla::CA->require()) { + my $cacert = Mozilla::CA::SSL_ca_file(); + push @certs, IO::Socket::SSL::Utils::PEM_file2certs($cacert) + if -e $cacert; + } + # Update class level datas $_SSL_ca->{_expiration} = time + 3600; return $_SSL_ca->{_certs} = \@certs; @@ -557,6 +568,12 @@ sub _uncompressGzip { return $result; } +sub END { + # Free eventually stored certificates + IO::Socket::SSL::Utils::CERT_free(@{$_SSL_ca->{_certs}}) + if ref($_SSL_ca->{_certs}) eq 'ARRAY'; +} + 1; __END__ diff --git a/lib/GLPI/Agent/Version.pm b/lib/GLPI/Agent/Version.pm index a419e770c..13a3a62f9 100644 --- a/lib/GLPI/Agent/Version.pm +++ b/lib/GLPI/Agent/Version.pm @@ -3,7 +3,7 @@ package GLPI::Agent::Version; use strict; use warnings; -our $VERSION = "1.7-dev"; +our $VERSION = "1.6.1"; our $PROVIDER = "GLPI"; our $COMMENTS = []; @@ -31,5 +31,5 @@ agent issue is reported. One very useful information should be first defined like in that example: our $COMMENTS = [ - "Based on GLPI Agent 1.7-dev" + "Based on GLPI Agent 1.6.1" ];