Resolves: RHEL-40758 - Update to 1.94 - Support for OpenSSL 3.1 and 3.2

2024-06-17 16:37:59 +02:00 · 2024-06-17 16:37:59 +02:00 · b37ff4906d
commit b37ff4906d
parent ee5aebcb6e
7 changed files with 111 additions and 26 deletions
--- a/.fmf/version
+++ b/.fmf/version
@ -0,0 +1 @@
+1
--- a/Net-SSLeay-1.90-openssl3.0.0-tests-disable_TLS1_and_TLS1_1.patch
+++ b/Net-SSLeay-1.90-openssl3.0.0-tests-disable_TLS1_and_TLS1_1.patch
@ -1,12 +1,12 @@
-diff -ru Net-SSLeay-1.90.orig/t/local/44_sess.t Net-SSLeay-1.90/t/local/44_sess.t
--- Net-SSLeay-1.90.orig/t/local/44_sess.t	2020-12-12 14:55:23.000000000 +0100
-+++ Net-SSLeay-1.90/t/local/44_sess.t	2021-06-04 18:50:09.733150048 +0200
-@@ -13,13 +13,13 @@
+diff -up Net-SSLeay-1.94/t/local/44_sess.t.orig Net-SSLeay-1.94/t/local/44_sess.t
+--- Net-SSLeay-1.94/t/local/44_sess.t.orig	2024-06-17 15:55:57.760001634 +0200
+++ Net-SSLeay-1.94/t/local/44_sess.t	2024-06-17 15:57:33.333795022 +0200
+@@ -15,13 +15,13 @@ use English qw( $EVAL_ERROR $OSNAME $PER
 if (not can_fork()) {
     plan skip_all => "fork() not supported on this system";
 } else {
-    plan tests => 58;
-+    plan tests => 34;
+-    plan tests => 67;
+    plan tests => 39;
 }
 
 initialise_libssl();
@ -17,15 +17,15 @@ diff -ru Net-SSLeay-1.90.orig/t/local/44_sess.t Net-SSLeay-1.90/t/local/44_sess.
     TLSv1.3-num-tickets-ctx-6 TLSv1.3-num-tickets-ctx-0
 );
 
-diff -ru Net-SSLeay-1.90.orig/t/local/45_exporter.t Net-SSLeay-1.90/t/local/45_exporter.t
--- Net-SSLeay-1.90.orig/t/local/45_exporter.t	2020-12-12 14:55:23.000000000 +0100
-+++ Net-SSLeay-1.90/t/local/45_exporter.t	2021-06-04 18:50:13.931192784 +0200
-@@ -15,12 +15,12 @@
+diff -up Net-SSLeay-1.94/t/local/45_exporter.t.orig Net-SSLeay-1.94/t/local/45_exporter.t
+--- Net-SSLeay-1.94/t/local/45_exporter.t.orig	2024-06-17 15:57:56.945991033 +0200
+++ Net-SSLeay-1.94/t/local/45_exporter.t	2024-06-17 16:00:55.358499773 +0200
+@@ -16,12 +16,12 @@ if (not can_fork()) {
 } elsif (!defined &Net::SSLeay::export_keying_material) {
     plan skip_all => "No export_keying_material()";
 } else {
-    plan tests => 36;
-+    plan tests => 18;
+-    plan tests => 37;
+    plan tests => 19;
 }
 
 initialise_libssl();
--- a/gating.yaml
+++ b/gating.yaml
@ -3,4 +3,5 @@ product_versions:
  - rhel-9
 decision_context: osci_compose_gate
 rules:
+  - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}
  - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
--- a/perl-Net-SSLeay.spec
+++ b/perl-Net-SSLeay.spec
@ -5,10 +5,10 @@
 %endif

 Name:		perl-Net-SSLeay
-Version:	1.92
-Release:	2%{?dist}
+Version:	1.94
+Release:	1%{?dist}
 Summary:	Perl extension for using OpenSSL
-License:	Artistic 2.0
+License:	Artistic-2.0
 URL:		https://metacpan.org/release/Net-SSLeay
 Source0:	https://cpan.metacpan.org/modules/by-module/Net/Net-SSLeay-%{version}.tar.gz
 Patch1:		Net-SSLeay-1.90-pkgconfig.patch
@ -24,7 +24,6 @@ BuildRequires:	perl-devel
 BuildRequires:	perl-generators
 BuildRequires:	perl-interpreter
 BuildRequires:	perl(constant)
-BuildRequires:	perl(Cwd)
 BuildRequires:	perl(English)
 BuildRequires:	perl(ExtUtils::MakeMaker) >= 6.76
 BuildRequires:	perl(ExtUtils::PkgConfig)
@ -38,34 +37,38 @@ BuildRequires:	perl(utf8)
 # =========== Module Runtime =========================
 BuildRequires:	perl(AutoLoader)
 BuildRequires:	perl(Carp)
+BuildRequires:	perl(Errno)
 BuildRequires:	perl(Exporter)
 BuildRequires:	perl(MIME::Base64)
 BuildRequires:	perl(Socket)
+BuildRequires:	perl(vars)
 BuildRequires:	perl(XSLoader)
 # =========== Test Suite =============================
+BuildRequires:	perl(base)
 BuildRequires:	perl(Config)
+BuildRequires:	perl(Cwd)
 BuildRequires:	perl(File::Spec)
 BuildRequires:	perl(FindBin)
 BuildRequires:	perl(HTTP::Tiny)
 BuildRequires:	perl(IO::Handle)
 BuildRequires:	perl(IO::Socket::INET)
 BuildRequires:	perl(lib)
+BuildRequires:	perl(Scalar::Util)
+BuildRequires:	perl(SelectSaver)
 BuildRequires:	perl(Storable)
 BuildRequires:	perl(strict)
 BuildRequires:	perl(Test::Builder)
 BuildRequires:	perl(Test::More) >= 0.61
 BuildRequires:	perl(threads)
 BuildRequires:	perl(warnings)
-# =========== Optional Test Suite ====================
+# =========== Optional Tests =========================
 %if %{with perl_Net_SSLeay_enables_optional_test}
-BuildRequires:	perl(Test::Exception)
+BuildRequires:	perl(Crypt::OpenSSL::Bignum)
 # Test::Kwalitee 1.00 not used
-BuildRequires:	perl(Test::NoWarnings)
-BuildRequires:	perl(Test::Pod) >= 1.0
+BuildRequires:	perl(Test::Pod) >= 1.41
 # Test::Pod::Coverage 1.00 not used
-BuildRequires:	perl(Test::Warn)
 %endif
-# =========== Module Runtime =========================
+# =========== Module Dependencies ====================
 Requires:	perl(:MODULE_COMPAT_%(eval "`perl -V:version`"; echo $version))
 Requires:	perl(MIME::Base64)
 Requires:	perl(XSLoader)
@ -73,6 +76,11 @@ Requires:	perl(XSLoader)
 # Don't "provide" private Perl libs or the redundant unversioned perl(Net::SSLeay) provide
 %global __provides_exclude ^(perl\\(Net::SSLeay\\)$|SSLeay\\.so)

+# Filter modules bundled for tests
+%global __provides_exclude_from %{?__provides_exclude_from:%__provides_exclude_from|}^%{_libexecdir}
+%global __requires_exclude %{?__requires_exclude:%__requires_exclude|}^perl\\(Test::Net::SSLeay.*\\)
+%global __requires_exclude %{__requires_exclude}|^perl\\(Net::PcapWriter\\)
+
 %description
 This module offers some high level convenience functions for accessing
 web pages on SSL servers (for symmetry, same API is offered for
@ -80,26 +88,41 @@ accessing http servers, too), a sslcat() function for writing your own
 clients, and finally access to the SSL API of SSLeay/OpenSSL package
 so you can write servers or clients for more complicated applications.

+%package tests
+Summary:        Tests for %{name}
+Requires:       %{name} = %{?epoch:%{epoch}:}%{version}-%{release}
+Requires:       perl-Test-Harness
+
+%description tests
+Tests from %{name}. Execute them
+with "%{_libexecdir}/%{name}/test".
+
 %prep
 %setup -q -n Net-SSLeay-%{version}

 # Get libraries to link against from pkg-config
 # https://github.com/radiator-software/p5-net-ssleay/pull/127
-%patch1
+%patch -P1

 # Disable TLS1 and TLS1_1 from tests
-%patch2 -p1
+%patch -P2 -p1

 # Fix permissions in examples to avoid bogus doc-file dependencies
 chmod -c 644 examples/*

+# Help generators to recognize Perl scripts
+for F in `find t -name *.t -o -name *.pl`; do
+    perl -i -MConfig -ple 'print $Config{startperl} if $. == 1 && !s{\A#!.*perl\b}{$Config{startperl}}' "$F"
+    chmod +x "$F"
+done
+
 %build
 unset OPENSSL_PREFIX
 PERL_MM_USE_DEFAULT=1 perl Makefile.PL \
 	INSTALLDIRS=vendor \
 	NO_PACKLIST=1 \
 	NO_PERLLOCAL=1 \
-	OPTIMIZE="%{optflags}" </dev/null
+	OPTIMIZE="%{optflags}" < /dev/null
 %{make_build}

 %install
@ -110,6 +133,21 @@ find %{buildroot} -type f -name '*.bs' -empty -delete
 # Remove script we don't want packaged
 rm -f %{buildroot}%{perl_vendorarch}/Net/ptrtstrun.pl

+# Install tests
+mkdir -p %{buildroot}%{_libexecdir}/%{name}
+cp -a t inc %{buildroot}%{_libexecdir}/%{name}
+rm %{buildroot}%{_libexecdir}/%{name}/t/external/ocsp.t
+rm %{buildroot}%{_libexecdir}/%{name}/t/local/kwalitee.t
+rm %{buildroot}%{_libexecdir}/%{name}/t/local/02_pod_coverage.t
+
+cat > %{buildroot}%{_libexecdir}/%{name}/test << 'EOF'
+#!/bin/sh
+unset RELEASE_TESTING
+cd %{_libexecdir}/%{name} && exec prove -I . -r -j "$(getconf _NPROCESSORS_ONLN)"
+EOF
+chmod +x %{buildroot}%{_libexecdir}/%{name}/test
+
+
 %check
 unset RELEASE_TESTING
 OPENSSL_ENABLE_SHA1_SIGNATURES=1 make test
@ -125,7 +163,32 @@ OPENSSL_ENABLE_SHA1_SIGNATURES=1 make test
 %{_mandir}/man3/Net::SSLeay.3*
 %{_mandir}/man3/Net::SSLeay::Handle.3*

+%files tests
+%{_libexecdir}/%{name}
+
 %changelog
+* Mon Jun 17 2024 Jitka Plesnikova <jplesnik@redhat.com> - 1.94-1
+- Resolves: RHEL-40758
+- Update to 1.94
+  - Net::SSLeay now officially supports all stable releases of OpenSSL 3.1 and
+    3.2, and LibreSSL 3.5-3.8
+  - Many noisy compiler warnings have been silenced - if SSLeay.xs fails to
+    compile, it should now be much easier to identify the cause
+  - libcrypto's OPENSSL_init_crypto() function and libssl's OPENSSL_init_ssl()
+    function are now exposed, enabling fine-grained control over the
+    initialisation and configuration of both libraries
+  - libssl functions implementing TLS 1.3 PSK authentication are now exposed,
+    in particular SSL_CTX_set_psk_find_session_callback() (on the server side)
+    and SSL_CTX_set_psk_use_session_callback() (on the client side)
+  - libssl functions implementing server-side TLS 1.2 PSK authentication are
+    now exposed, in particular SSL_CTX_set_psk_server_callback()
+  - libssl's SSL_CTX_set_client_hello_cb() function is now exposed, allowing a
+    TLS server to set a callback function that is executed when the server
+    processes a ClientHello message
+  - Many more libcrypto/libssl constants and functions are now exposed; see the
+    release notes for the 1.93 developer releases for a full list
+- Package tests
+
 * Wed Jul 27 2022 Jitka Plesnikova <jplesnik@redhat.com> - 1.92-2
 - Enable using SHA1 for tests
 - Resolves: rhbz#2107670
--- a/plans/sanity.fmf
+++ b/plans/sanity.fmf
@ -0,0 +1,5 @@
+summary: Sanity tests
+discover:
+    how: fmf
+execute:
+    how: tmt
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (Net-SSLeay-1.92.tar.gz) = e9d9161ebeb7be90f4c7a0ea98f1034892ce6d33aa72872683177b19daa1f4c5819f85ea9a052a076ec8d7c21705f6c344aef64680bc881bf3218d38e8b7b173
+SHA512 (Net-SSLeay-1.94.tar.gz) = f1461667269f3da56ff7e1724b5511b95c34582250f8336e9f93d30f3b30d4a5360eb27622b9730bba11df75e00d717c7f0cea2120d20206723db136a8509375
--- a/tests/upstream-tests.fmf
+++ b/tests/upstream-tests.fmf
@ -0,0 +1,15 @@
+summary: Upstream tests
+contact: Jitka Plesnikova <jplesnik@redhat.com>
+component: perl-Net-SSLeay
+require: perl-Net-SSLeay-tests
+test: /usr/libexec/perl-Net-SSLeay/test
+enabled: true
+tag:
+  - rhel-buildroot
+  - TestCaseCopy
+  - Tier1
+tier: '1'
+adjust:
+  - enabled: false
+    when: distro = rhel-9 or distro = centos-stream-9
+    continue: false