From a8ba4dee5c690bebb0e3981e363ae02aa76c156e Mon Sep 17 00:00:00 2001 From: DistroBaker Date: Fri, 22 Jan 2021 09:08:35 +0000 Subject: [PATCH] Merged update from upstream sources This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/perl-Net-SSLeay.git#ebcaf5749f4556c561430d562f18434f4707e9f5 --- Net-SSLeay-1.88-OpenSSL-1.1.1e.patch | 128 ------------------ ...g.patch => Net-SSLeay-1.90-pkgconfig.patch | 14 +- perl-Net-SSLeay.spec | 33 +++-- sources | 2 +- 4 files changed, 23 insertions(+), 154 deletions(-) delete mode 100644 Net-SSLeay-1.88-OpenSSL-1.1.1e.patch rename Net-SSLeay-1.86_09-pkgconfig.patch => Net-SSLeay-1.90-pkgconfig.patch (60%) diff --git a/Net-SSLeay-1.88-OpenSSL-1.1.1e.patch b/Net-SSLeay-1.88-OpenSSL-1.1.1e.patch deleted file mode 100644 index 4d00c0e..0000000 --- a/Net-SSLeay-1.88-OpenSSL-1.1.1e.patch +++ /dev/null @@ -1,128 +0,0 @@ -From 25ae268277121eeecd29830dec6a0229e4f8fbcb Mon Sep 17 00:00:00 2001 -From: Heikki Vatiainen -Date: Fri, 20 Mar 2020 10:49:35 +0200 -Subject: GH-160 Call Net::SSLeay::shutdown() from SSLeay::sslcat() - and t/local/07_sslecho.t. (#161) - -Fix for GH-160 seems to require SSL_shutdown() calls which were missing from -t/local/07_sslecho.t and Net::SSLeay::sslcat() - -These seem to relate to this change in OpenSSL -'Detect EOF while reading in libssl': -https://github.com/openssl/openssl/commit/db943f43a60d1b5b1277e4b5317e8f288e7a0a3a - -The newly added OpenSSL error message 'unexpected eof while reading' was seen -before the SSL_shutdown() calls were added. ---- - lib/Net/SSLeay.pm | 1 + - t/local/07_sslecho.t | 30 ++++++++++++++++++++++++++++-- - 2 files changed, 29 insertions(+), 2 deletions(-) - -diff --git a/lib/Net/SSLeay.pm b/lib/Net/SSLeay.pm -index 7f14519..2cf79ed 100644 ---- a/lib/Net/SSLeay.pm -+++ b/lib/Net/SSLeay.pm -@@ -1120,6 +1120,7 @@ sub sslcat { # address, port, message, $crt, $key --> reply / (reply,errs,cert) - goto cleanup unless $written; - - sleep $slowly if $slowly; # Closing too soon can abort broken servers -+ Net::SSLeay::shutdown($ssl); # Useful starting with OpenSSL 1.1.1e - CORE::shutdown SSLCAT_S, 1; # Half close --> No more output, send EOF to server - - warn "waiting for reply...\n" if $trace>2; -diff --git a/t/local/07_sslecho.t b/t/local/07_sslecho.t -index e876715..2ef4baf 100644 ---- a/t/local/07_sslecho.t -+++ b/t/local/07_sslecho.t -@@ -13,7 +13,7 @@ BEGIN { - plan skip_all => "fork() not supported on $^O" unless $Config{d_fork}; - } - --plan tests => 102; -+plan tests => 122; - $SIG{'PIPE'} = 'IGNORE'; - - my $sock; -@@ -103,8 +103,28 @@ Net::SSLeay::library_init(); - - my $got = Net::SSLeay::ssl_read_all($ssl); - is($got, $msg, 'ssl_read_all') if $_ < 7; -+ -+ is(Net::SSLeay::get_shutdown($ssl), Net::SSLeay::RECEIVED_SHUTDOWN(), 'shutdown from peer'); - ok(Net::SSLeay::ssl_write_all($ssl, uc($got)), 'ssl_write_all'); - -+ # With 1.1.1e and $Net::SSLeay::trace=3 you'll see these without shutdown: -+ # SSL_read 9740: 1 - error:14095126:SSL routines:ssl3_read_n:unexpected eof while reading -+ my $sret = Net::SSLeay::shutdown($ssl); -+ if ($sret < 0) -+ { -+ # ERROR_SYSCALL seen on < 1.1.1, if so also print errno string -+ my $err = Net::SSLeay::get_error($ssl, $sret); -+ my $extra = ($err == Net::SSLeay::ERROR_SYSCALL()) ? "$err, $!" : "$err"; -+ -+ ok($err == Net::SSLeay::ERROR_ZERO_RETURN() || -+ $err == Net::SSLeay::ERROR_SYSCALL(), -+ "server shutdown not success, but acceptable: $extra"); -+ } -+ else -+ { -+ pass('server shutdown success'); -+ } -+ - Net::SSLeay::free($ssl); - close $ns; - } -@@ -143,6 +163,7 @@ my @results; - push @results, [ Net::SSLeay::get_cipher($ssl), 'get_cipher' ]; - - push @results, [ Net::SSLeay::ssl_write_all($ssl, $msg), 'write' ]; -+ push @results, [ Net::SSLeay::shutdown($ssl) >= 0, 'client side ssl shutdown' ]; - shutdown($s, 1); - - my $got = Net::SSLeay::ssl_read_all($ssl); -@@ -185,6 +206,7 @@ my @results; - - Net::SSLeay::ssl_write_all($ssl, $msg); - -+ push @results, [Net::SSLeay::shutdown($ssl) >= 0, 'verify: client side ssl shutdown' ]; - shutdown $s, 2; - close $s; - Net::SSLeay::free($ssl); -@@ -238,14 +260,17 @@ my @results; - - Net::SSLeay::connect($ssl1); - Net::SSLeay::ssl_write_all($ssl1, $msg); -+ push @results, [Net::SSLeay::shutdown($ssl1) >= 0, 'client side ssl1 shutdown' ]; - shutdown $s1, 2; - - Net::SSLeay::connect($ssl2); - Net::SSLeay::ssl_write_all($ssl2, $msg); -+ push @results, [Net::SSLeay::shutdown($ssl2) >= 0, 'client side ssl2 shutdown' ]; - shutdown $s2, 2; - - Net::SSLeay::connect($ssl3); - Net::SSLeay::ssl_write_all($ssl3, $msg); -+ push @results, [Net::SSLeay::shutdown($ssl3) >= 0, 'client side ssl3 shutdown' ]; - shutdown $s3, 2; - - close $s1; -@@ -362,6 +387,7 @@ my @results; - my $written = Net::SSLeay::ssl_write_all($ssl, \$data); - push @results, [ $written == length $data, 'ssl_write_all' ]; - -+ push @results, [Net::SSLeay::shutdown($ssl) >= 0, 'client side aaa write ssl shutdown' ]; - shutdown $s, 1; - - my $got = Net::SSLeay::ssl_read_all($ssl); -@@ -377,7 +403,7 @@ waitpid $pid, 0; - push @results, [ $? == 0, 'server exited with 0' ]; - - END { -- Test::More->builder->current_test(73); -+ Test::More->builder->current_test(87); - for my $t (@results) { - ok( $t->[0], $t->[1] ); - } --- -2.25.1 - diff --git a/Net-SSLeay-1.86_09-pkgconfig.patch b/Net-SSLeay-1.90-pkgconfig.patch similarity index 60% rename from Net-SSLeay-1.86_09-pkgconfig.patch rename to Net-SSLeay-1.90-pkgconfig.patch index 0656386..5cefe35 100644 --- a/Net-SSLeay-1.86_09-pkgconfig.patch +++ b/Net-SSLeay-1.90-pkgconfig.patch @@ -1,23 +1,15 @@ --- Makefile.PL +++ Makefile.PL -@@ -201,11 +201,16 @@ EOM +@@ -209,7 +209,12 @@ EOM @{ $opts->{lib_links} } = map { $_ =~ s/32\b//g } @{ $opts->{lib_links} } if $Config{use64bitall}; } else { -- push @{ $opts->{lib_links} }, -- ($rsaref -- ? qw( ssl crypto RSAglue rsaref z ) -- : qw( ssl crypto z ) -- ); +- push @{ $opts->{lib_links} }, qw( ssl crypto z ); + if ( eval { require ExtUtils::PkgConfig; ExtUtils::PkgConfig->VERSION('1.16') } && ExtUtils::PkgConfig->exists('openssl') ) { + push @{ $opts->{lib_links} }, map { s/^-l//; $_ } split(' ', ExtUtils::PkgConfig->libs_only_l('openssl')); + } + else { -+ push @{ $opts->{lib_links} }, -+ ($rsaref -+ ? qw( ssl crypto RSAglue rsaref z ) -+ : qw( ssl crypto z ) -+ ); ++ push @{ $opts->{lib_links} }, qw( ssl crypto z ); + } if (($Config{cc} =~ /aCC/i) && $^O eq 'hpux') { diff --git a/perl-Net-SSLeay.spec b/perl-Net-SSLeay.spec index 819210f..110d957 100644 --- a/perl-Net-SSLeay.spec +++ b/perl-Net-SSLeay.spec @@ -4,18 +4,14 @@ %{bcond_with perl_Net_SSLeay_enables_optional_test} %endif -# Provides/Requires filtering is different from rpm 4.9 onwards -%global rpm49 %(rpm --version | perl -p -e 's/^.* (\\d+)\\.(\\d+).*/sprintf("%d.%03d",$1,$2) ge 4.009 ? 1 : 0/e' 2>/dev/null || echo 0) - Name: perl-Net-SSLeay -Version: 1.88 -Release: 9%{?dist} +Version: 1.90 +Release: 1%{?dist} Summary: Perl extension for using OpenSSL License: Artistic 2.0 URL: https://metacpan.org/release/Net-SSLeay Source0: https://cpan.metacpan.org/modules/by-module/Net/Net-SSLeay-%{version}.tar.gz -Patch0: Net-SSLeay-1.88-OpenSSL-1.1.1e.patch -Patch10: Net-SSLeay-1.86_09-pkgconfig.patch +Patch10: Net-SSLeay-1.90-pkgconfig.patch # =========== Module Build =========================== BuildRequires: coreutils BuildRequires: findutils @@ -33,6 +29,7 @@ BuildRequires: perl(ExtUtils::MM) BuildRequires: perl(File::Basename) BuildRequires: perl(File::Path) BuildRequires: perl(Symbol) +BuildRequires: perl(utf8) # =========== Module Runtime ========================= BuildRequires: perl(AutoLoader) BuildRequires: perl(Carp) @@ -80,12 +77,6 @@ so you can write servers or clients for more complicated applications. %prep %setup -q -n Net-SSLeay-%{version} -# Add SSL_shutdown() calls in Net::SSLeay::sslcat() and t/local/07_sslecho.t -# to fix compatibility with OpenSSL 1.1.1e -# https://github.com/radiator-software/p5-net-ssleay/issues/160 -# https://github.com/radiator-software/p5-net-ssleay/pull/161 -%patch0 -p1 - # Get libraries to link against from pkg-config # https://github.com/radiator-software/p5-net-ssleay/pull/127 %patch10 @@ -93,7 +84,6 @@ so you can write servers or clients for more complicated applications. # Fix permissions in examples to avoid bogus doc-file dependencies chmod -c 644 examples/* - %build unset OPENSSL_PREFIX PERL_MM_USE_DEFAULT=1 perl Makefile.PL \ @@ -127,6 +117,21 @@ make test %{_mandir}/man3/Net::SSLeay::Handle.3* %changelog +* Thu Jan 21 2021 Paul Howarth - 1.90-1 +- Update to 1.90 + - Formalised libssl version support policy: all stable versions of OpenSSL + in the 0.9.8-1.1.1 branches (with the exception of 0.9.8-0.9.8b) and all + stable releases of LibreSSL in the 2.0-3.1 series are supported + - The LibreSSL 3.2 series is not yet fully supported because its TLSv1.3 + implementation is not currently libssl-compatible + - Added support for LibreSSL on Windows when built with Visual C++ + - Exposed P_X509_CRL_add_extensions, several SSL_CIPHER functions, and + several stack functions + - Fixed crashes in the callback functions CTX_set_next_proto_select_cb and + CTX_set_alpn_select_cb + - The test suite is now compatible with OpenSSL 1.1.1e onwards, as well as + OpenSSL security level 2 (the default on many Linux distributions) + * Tue Jul 28 2020 Fedora Release Engineering - 1.88-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild diff --git a/sources b/sources index dedf785..7328f1a 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (Net-SSLeay-1.88.tar.gz) = 37fc32ec003337f3dc18bf928139079a3127628c6fa0fccaed0c27b6bf3b216c2c5338ed1aaf9408b0add3be549df3218d3c5a6d6299793c1329d8a0813a1682 +SHA512 (Net-SSLeay-1.90.tar.gz) = 8a5f251b5ef1d8c2d619d984594a7a22ddeed2e5e726fe683a45f299d7878f4ca8ffab00480ebf5ef7a94ae1fcf6be05dfdaa68b8bfe2ad68443150765adb891