Update to 2.068

- New upstream release 2.068 - Treat OpenSSL 1.1.1e as broken and refuse to build with it in order to prevent follow-up problems in tests and user code https://github.com/noxxi/p5-io-socket-ssl/issues/93 https://github.com/openssl/openssl/issues/11388 https://github.com/openssl/openssl/issues/11378 - Update PublicSuffix with latest data from publicsuffix.org - Patch out the refusal to build with OpenSSL 1.1.1e as the OpenSSL package in Fedora has had the problematic EOF-handling change reverted
2020-03-31 11:34:02 +01:00 · 2020-03-31 11:34:02 +01:00 · 9eb8a638a0
commit 9eb8a638a0
parent ae85d4e223
6 changed files with 37 additions and 55 deletions
--- a/IO-Socket-SSL-2.067-openssl-1.1.1e.patch
+++ b/IO-Socket-SSL-2.067-openssl-1.1.1e.patch
@ -1,44 +0,0 @@
--- lib/IO/Socket/SSL.pm
-+++ lib/IO/Socket/SSL.pm
-@@ -38,6 +38,7 @@ BEGIN {
- # results from commonly used constant functions from Net::SSLeay for fast access
- my $Net_SSLeay_ERROR_WANT_READ   = Net::SSLeay::ERROR_WANT_READ();
- my $Net_SSLeay_ERROR_WANT_WRITE  = Net::SSLeay::ERROR_WANT_WRITE();
-+my $Net_SSLeay_ERROR_SSL         = Net::SSLeay::ERROR_SSL();
- my $Net_SSLeay_ERROR_SYSCALL     = Net::SSLeay::ERROR_SYSCALL();
- my $Net_SSLeay_VERIFY_NONE       = Net::SSLeay::VERIFY_NONE();
- my $Net_SSLeay_VERIFY_PEER       = Net::SSLeay::VERIFY_PEER();
-@@ -1196,6 +1197,11 @@ sub _generic_read {
- 		    last;
- 		}
- 	    }
-+	    if ($err == $Net_SSLeay_ERROR_SSL) {
-+		# OpenSSL 1.1.1e+
-+		$data = '';
-+		last;
-+	    }
- 	    $self->error("SSL read error");
- 	}
- 	return;
-@@ -1274,6 +1280,11 @@ sub _generic_write {
-     }
-     if ( !defined($written) ) {
- 	if ( my $err = $self->_skip_rw_error( $ssl,-1 )) {
-+	    # if ERROR_SSL then make it look like it used to do
-+	    if ( $err == $Net_SSLeay_ERROR_SSL ) {
-+	        $err = $Net_SSLeay_ERROR_SYSCALL;
-+	        $! = 0;
-+	    }
- 	    # if $! is not set with ERROR_SYSCALL then report as EPIPE
- 	    $! ||= EPIPE if $err == $Net_SSLeay_ERROR_SYSCALL;
- 	    $self->error("SSL write error ($err)");
--- t/core.t
-+++ t/core.t
-@@ -130,6 +130,7 @@ unless (fork) {
- 		    4.0,
- 		    ord("y"),
- 		    "Test\nBeaver\nBeaver\n");
-+    Net::SSLeay::shutdown($client->_get_ssl_object);
-     shutdown($client, 1);
- 
-     my $buffer="\0\0aaaaaaaaaaaaaaaaaaaa";
--- a/IO-Socket-SSL-2.068-openssl-1.1.1e.patch
+++ b/IO-Socket-SSL-2.068-openssl-1.1.1e.patch
@ -0,0 +1,15 @@
+--- Makefile.PL
+++ Makefile.PL
+@@ -68,12 +68,6 @@ if (my $compiled = eval {
+ 	die sprintf("API-different OpenSSL versions compiled in (0x%08x) vs linked (0x%08x)",
+ 	    $compiled,$linked);
+     }
+-
+-    # OpenSSL 1.1.1e introduced behavior changes breaking various code
+-    # will likely be reverted  in 1.1.1f - enforce to not use this version
+-    if ($linked == 0x1010105f) {
+-	die "detected OpenSSL 1.1.1e - please use a different version\n";
+-    }
+ }
+ 
+ # make sure that we have dualvar from the XS Version of Scalar::Util
--- a/IO-Socket-SSL-2.068-use-system-default-SSL-version.patch
+++ b/IO-Socket-SSL-2.068-use-system-default-SSL-version.patch
@ -1,6 +1,6 @@
 --- lib/IO/Socket/SSL.pm
 +++ lib/IO/Socket/SSL.pm
-@@ -195,7 +195,7 @@ if ( defined &Net::SSLeay::CTX_set_min_p
+@@ -194,7 +194,7 @@ if ( defined &Net::SSLeay::CTX_set_min_p
 # global defaults
 my %DEFAULT_SSL_ARGS = (
     SSL_check_crl => 0,
@ -9,7 +9,7 @@
     SSL_verify_callback => undef,
     SSL_verifycn_scheme => undef,  # fallback cn verification
     SSL_verifycn_publicsuffix => undef,  # fallback default list verification
-@@ -2394,7 +2394,7 @@ sub new {
+@@ -2383,7 +2383,7 @@ sub new {
 
     my $ssl_op = $DEFAULT_SSL_OP;
 
--- a/IO-Socket-SSL-2.068-use-system-default-cipher-list.patch
+++ b/IO-Socket-SSL-2.068-use-system-default-cipher-list.patch
@ -1,6 +1,6 @@
 --- lib/IO/Socket/SSL.pm
 +++ lib/IO/Socket/SSL.pm
-@@ -203,77 +203,17 @@ my %DEFAULT_SSL_ARGS = (
+@@ -202,77 +202,17 @@ my %DEFAULT_SSL_ARGS = (
     SSL_npn_protocols => undef,    # meaning depends whether on server or client side
     SSL_alpn_protocols => undef,   # list of protocols we'll accept/send, for example ['http/1.1','spdy/3.1']
 
--- a/perl-IO-Socket-SSL.spec
+++ b/perl-IO-Socket-SSL.spec
@ -2,18 +2,18 @@
 %bcond_without perl_IO_Socket_SSL_test_IO_Socket_INET6

 Name:		perl-IO-Socket-SSL
-Version:	2.067
-Release:	2%{?dist}
+Version:	2.068
+Release:	1%{?dist}
 Summary:	Perl library for transparent SSL
 License:	(GPL+ or Artistic) and MPLv2.0
 URL:		https://metacpan.org/release/IO-Socket-SSL
 Source0:	https://cpan.metacpan.org/modules/by-module/IO/IO-Socket-SSL-%{version}.tar.gz
-Patch0:		IO-Socket-SSL-2.067-use-system-default-cipher-list.patch
-Patch1:		IO-Socket-SSL-2.067-use-system-default-SSL-version.patch
+Patch0:		IO-Socket-SSL-2.068-use-system-default-cipher-list.patch
+Patch1:		IO-Socket-SSL-2.068-use-system-default-SSL-version.patch
 # A test for Enable-Post-Handshake-Authentication-TLSv1.3-feature.patch,
 # bug #1632660, requires openssl tool
 Patch2:		IO-Socket-SSL-2.066-Test-client-performs-Post-Handshake-Authentication.patch
-Patch3:		IO-Socket-SSL-2.067-openssl-1.1.1e.patch
+Patch3:		IO-Socket-SSL-2.068-openssl-1.1.1e.patch
 BuildArch:	noarch
 # Module Build
 BuildRequires:	coreutils
@ -80,8 +80,8 @@ mod_perl.
 %prep
 %setup -q -n IO-Socket-SSL-%{version}

-# Fix FTBFS with OpenSSL 1.1.1e
-# https://github.com/noxxi/p5-io-socket-ssl/issues/93
+# Allow building with OpenSSL 1.1.1e as the Fedora package has the
+# problematic EOF handling change reverted
 %patch3

 # Use system-wide default cipher list to support use of system-wide
@ -127,6 +127,17 @@ make test
 %{_mandir}/man3/IO::Socket::SSL::PublicSuffix.3*

 %changelog
+* Tue Mar 31 2020 Paul Howarth <paul@city-fan.org> - 2.068-1
+- Update to 2.068
+  - Treat OpenSSL 1.1.1e as broken and refuse to build with it in order to
+    prevent follow-up problems in tests and user code
+    https://github.com/noxxi/p5-io-socket-ssl/issues/93
+    https://github.com/openssl/openssl/issues/11388
+    https://github.com/openssl/openssl/issues/11378
+  - Update PublicSuffix with latest data from publicsuffix.org
+- Patch out the refusal to build with OpenSSL 1.1.1e as the OpenSSL package in
+  Fedora has had the problematic EOF-handling change reverted
+
 * Sat Mar 21 2020 Paul Howarth <paul@city-fan.org> - 2.067-2
 - Fix FTBFS with OpenSSL 1.1.1e
  https://github.com/noxxi/p5-io-socket-ssl/issues/93
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (IO-Socket-SSL-2.067.tar.gz) = b7b9edc470f2283c363a6296d3ce23f8754cc1b1a763329ccc8a0bc81dca7ffbaf9a833fc8ac31e62f5f72cab7c689ea0d4d0e293f75fe176d1b5c71ed723516
+SHA512 (IO-Socket-SSL-2.068.tar.gz) = 9bccce1a85d24a4e06394a7a0eb8c1c834a71d1fecf99e3a7c0fea1828dcad0da24768bfe0db996d70f3e153135fc958d85ae65fab300ebfd8b520441aa27cfa