From 12ec243a1d40126dffa5201d6e5819cb5d22b430 Mon Sep 17 00:00:00 2001
From: Paul Howarth <paul@city-fan.org>
Date: Fri, 4 Apr 2014 18:41:23 +0100
Subject: [PATCH] Update to 1.978

- New upstream release 1.978
  - Added public prefix checking to verification of wildcard certificates, e.g.
    accept *.foo.com but not *.co.uk; see documentation of
    SSL_verifycn_publicsuffix and IO::Socket::SSL::PublicSuffix
  - Fix publicsuffix for IDNA, more tests with various IDNA libs
    (CPAN RT#94424)
  - Reuse result of IDN lib detection from PublicSuffix.pm in SSL.pm
  - Add more checks to external/usable_ca.t; now it is enough that at least one
    of the hosts verifies against the built-in CA store
  - Add openssl and Net::SSLeay version to diagnostics in load test
- Switch preferred IDN back-end from Net::LibIDN to URI::_idna as per upstream,
  falling back to Net::IDN::Encode on older distributions
- Add fix from upstream git to support building with Test::More < 0.88
---
 ...9c221fd7d92b715434b7d96b26b644c8398f.patch | 69 +++++++++++++++++++
 perl-IO-Socket-SSL.spec                       | 42 +++++++++--
 sources                                       |  2 +-
 3 files changed, 106 insertions(+), 7 deletions(-)
 create mode 100644 f00f9c221fd7d92b715434b7d96b26b644c8398f.patch

diff --git a/f00f9c221fd7d92b715434b7d96b26b644c8398f.patch b/f00f9c221fd7d92b715434b7d96b26b644c8398f.patch
new file mode 100644
index 0000000..9da3ec1
--- /dev/null
+++ b/f00f9c221fd7d92b715434b7d96b26b644c8398f.patch
@@ -0,0 +1,69 @@
+From f00f9c221fd7d92b715434b7d96b26b644c8398f Mon Sep 17 00:00:00 2001
+From: Steffen Ullrich <Steffen_Ullrich@genua.de>
+Date: Fri, 4 Apr 2014 17:55:49 +0200
+Subject: [PATCH] t/public_suffix_lib* - run test even if IDN lib cannot be
+ loaded, but skip IDN tests - don't use done_testing to work with older
+ Test::More
+
+---
+ t/public_suffix_lib.pl | 20 +++++++++++++-------
+ 1 file changed, 13 insertions(+), 7 deletions(-)
+
+diff --git a/t/public_suffix_lib.pl b/t/public_suffix_lib.pl
+index 6e6e3c5..66bdfe4 100644
+--- a/t/public_suffix_lib.pl
++++ b/t/public_suffix_lib.pl
+@@ -5,17 +5,19 @@
+ 
+ my $ps;
+ sub run_with_lib {
++    my @idnlib = @_;
+     my %require = (
+ 	'URI::_idna' => 0,
+ 	'Net::LibIDN' => 0,
+ 	'Net::IDN::Encode' => 0,
+-	map { $_ => 1 } @_,
++	map { $_ => 1 } @idnlib,
+     );
+ 
+     my %block;
++    my $can_idn;
+     while ( my ($lib,$load) = each %require ) {
+ 	if ( $load ) {
+-	    eval "require $lib" or plan skip_all => "cannot load $lib: $@";
++	    $can_idn = eval "require $lib";
+ 	} else {
+ 	    $lib =~s{::}{/}g;
+ 	    $block{"$lib.pm"} = 1;
+@@ -28,6 +30,8 @@ sub run_with_lib {
+ 
+     require IO::Socket::SSL::PublicSuffix;
+ 
++    plan tests => 83;
++
+ 
+     # all one-level, but co.uk two-level
+     $ps = IO::Socket::SSL::PublicSuffix->from_string("*\nco.uk");
+@@ -172,12 +176,14 @@ sub run_with_lib {
+     is public_suffix('www.test.k12.ak.us'), 'k12.ak.us';
+ 
+     # Domains and gTLDs with characters outside the ASCII range:
+-    if ( $ps->can_idn ) {
+-	is public_suffix('test.敎育.hk'), '敎育.hk';
+-	is public_suffix('ਭਾਰਤ.ਭਾਰਤ'), 'ਭਾਰਤ';
++    SKIP: {
++	if ( $can_idn ) {
++	    is public_suffix('test.敎育.hk'), '敎育.hk';
++	    is public_suffix('ਭਾਰਤ.ਭਾਰਤ'), 'ਭਾਰਤ';
++	} else {
++	    skip "no IDN support with @idnlib",2
++	}
+     }
+-
+-    done_testing();
+ }
+ 
+ 
+-- 
+1.9.1
+
diff --git a/perl-IO-Socket-SSL.spec b/perl-IO-Socket-SSL.spec
index 50d7037..b96e337 100644
--- a/perl-IO-Socket-SSL.spec
+++ b/perl-IO-Socket-SSL.spec
@@ -1,14 +1,16 @@
 Name:		perl-IO-Socket-SSL
-Version:	1.975
+Version:	1.978
 Release:	1%{?dist}
 Summary:	Perl library for transparent SSL
 Group:		Development/Libraries
 License:	GPL+ or Artistic
 URL:		http://search.cpan.org/dist/IO-Socket-SSL/
 Source0:	http://search.cpan.org/CPAN/authors/id/S/SU/SULLR/IO-Socket-SSL-%{version}.tar.gz
+Patch0:		https://github.com/noxxi/p5-io-socket-ssl/commit/f00f9c221fd7d92b715434b7d96b26b644c8398f.patch
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(id -nu)
 BuildArch:	noarch
 BuildRequires:	openssl >= 0.9.8
+BuildRequires:	perl
 BuildRequires:	perl(Carp)
 BuildRequires:	perl(constant)
 BuildRequires:	perl(Data::Dumper)
@@ -18,7 +20,6 @@ BuildRequires:	perl(IO::Select)
 BuildRequires:	perl(IO::Socket)
 BuildRequires:	perl(IO::Socket::INET)
 BuildRequires:	perl(IO::Socket::INET6) >= 2.62
-BuildRequires:	perl(Net::LibIDN)
 BuildRequires:	perl(Net::SSLeay) >= 1.46
 BuildRequires:	perl(Scalar::Util)
 BuildRequires:	perl(Socket)
@@ -33,9 +34,19 @@ Requires:	perl(IO::Socket::IP) >= 0.20, perl(Socket) >= 1.95
 Requires:	perl(IO::Socket::INET6) >= 2.62, perl(Socket6)
 %endif
 Requires:	perl(:MODULE_COMPAT_%(eval "`perl -V:version`"; echo $version))
-Requires:	perl(Net::LibIDN)
 Requires:	openssl >= 0.9.8
 
+# IDN back-ends: URI::_idna (from URI ≥ 1.50) is preferred
+# but Net::IDN::Encode (next pref) and Net::LibIDN are also tested
+BuildRequires:	perl(Net::IDN::Encode)
+BuildRequires:	perl(Net::LibIDN)
+%if 0%{?fedora} > 10 || 0%{?rhel} > 6
+BuildRequires:	perl(URI::_idna)
+Requires:	perl(URI::_idna)
+%else
+Requires:	perl(Net::IDN::Encode)
+%endif
+
 %description
 This module is a true drop-in replacement for IO::Socket::INET that
 uses SSL to encrypt data before it is transferred to a remote server
@@ -48,6 +59,9 @@ mod_perl.
 %prep
 %setup -q -n IO-Socket-SSL-%{version}
 
+# Fix from upstream git to support building with Test::More < 0.88
+%patch0 -p1
+
 %build
 echo n | perl Makefile.PL INSTALLDIRS=vendor
 make %{?_smp_mflags}
@@ -67,11 +81,27 @@ rm -rf %{buildroot}
 %files
 %doc BUGS Changes README docs/ certs/ example/ util/
 %{perl_vendorlib}/IO/
-%{_mandir}/man3/IO::Socket::SSL.3pm*
-%{_mandir}/man3/IO::Socket::SSL::Intercept.3pm*
-%{_mandir}/man3/IO::Socket::SSL::Utils.3pm*
+%{_mandir}/man3/IO::Socket::SSL.3*
+%{_mandir}/man3/IO::Socket::SSL::Intercept.3*
+%{_mandir}/man3/IO::Socket::SSL::PublicSuffix.3*
+%{_mandir}/man3/IO::Socket::SSL::Utils.3*
 
 %changelog
+* Fri Apr  4 2014 Paul Howarth <paul@city-fan.org> - 1.978-1
+- Update to 1.978
+  - Added public prefix checking to verification of wildcard certificates, e.g.
+    accept *.foo.com but not *.co.uk; see documentation of
+    SSL_verifycn_publicsuffix and IO::Socket::SSL::PublicSuffix
+  - Fix publicsuffix for IDNA, more tests with various IDNA libs
+    (CPAN RT#94424)
+  - Reuse result of IDN lib detection from PublicSuffix.pm in SSL.pm
+  - Add more checks to external/usable_ca.t; now it is enough that at least one
+    of the hosts verifies against the built-in CA store
+  - Add openssl and Net::SSLeay version to diagnostics in load test
+- Switch preferred IDN back-end from Net::LibIDN to URI::_idna as per upstream,
+  falling back to Net::IDN::Encode on older distributions
+- Add fix from upstream git to support building with Test::More < 0.88
+
 * Wed Apr  2 2014 Paul Howarth <paul@city-fan.org> - 1.975-1
 - Update to 1.975
   - BEHAVIOR CHANGE: work around TEA misfeature on OS X built-in openssl, e.g.
diff --git a/sources b/sources
index d6c4604..1ee3f3d 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-aff1da9c2bda589024c9147c6a3ae33a  IO-Socket-SSL-1.975.tar.gz
+72b0efa2b1a7777dde5ca88a069caf7e  IO-Socket-SSL-1.978.tar.gz