From efd795381aff4dfb90fda32d50199167a4e4c8d6 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Mar 01 2022 11:23:32 +0000 Subject: import perl-Net-SSLeay-1.92-1.el9 --- diff --git a/.gitignore b/.gitignore index 9648a14..f7713de 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/Net-SSLeay-1.90.tar.gz +SOURCES/Net-SSLeay-1.92.tar.gz diff --git a/.perl-Net-SSLeay.metadata b/.perl-Net-SSLeay.metadata index d20fdfc..14166a3 100644 --- a/.perl-Net-SSLeay.metadata +++ b/.perl-Net-SSLeay.metadata @@ -1 +1 @@ -675c9df74163d48477ecf06601a589f3c3b096dd SOURCES/Net-SSLeay-1.90.tar.gz +03daf8b342ea57a9b1eef0689275ec99e5008e21 SOURCES/Net-SSLeay-1.92.tar.gz diff --git a/SOURCES/Net-SSLeay-1.90-openssl3.0.0-05_passwd_cb.patch b/SOURCES/Net-SSLeay-1.90-openssl3.0.0-05_passwd_cb.patch deleted file mode 100644 index 188361c..0000000 --- a/SOURCES/Net-SSLeay-1.90-openssl3.0.0-05_passwd_cb.patch +++ /dev/null @@ -1,69 +0,0 @@ -diff -ru Net-SSLeay-1.90.orig/t/local/05_passwd_cb.t Net-SSLeay-1.90/t/local/05_passwd_cb.t ---- Net-SSLeay-1.90.orig/t/local/05_passwd_cb.t 2020-11-18 10:12:44.000000000 +0100 -+++ Net-SSLeay-1.90/t/local/05_passwd_cb.t 2021-08-11 12:50:16.452681751 +0200 -@@ -5,7 +5,12 @@ - use Net::SSLeay; - use Test::Net::SSLeay qw( data_file_path initialise_libssl ); - --plan tests => 36; -+my $callback_double_use_in_pem_read_bio_key = check_callback_double_use_in_pem_read_bio_key(); -+if (! $callback_double_use_in_pem_read_bio_key) { -+ plan tests => 36; -+} else { -+ plan tests => 40; -+} - - initialise_libssl(); - -@@ -99,7 +104,13 @@ - ok( !Net::SSLeay::CTX_use_PrivateKey_file($ctx_1, $key_pem, &Net::SSLeay::FILETYPE_PEM), - 'CTX_use_PrivateKey_file doesn\'t work with wrong passphrase' ); - --is($cb_1_calls, 2, 'callback1 called 2 times'); -+my $right_cb_1_calls; -+if (! $callback_double_use_in_pem_read_bio_key) { -+ $right_cb_1_calls = 2; -+} else { -+ $right_cb_1_calls = 3; -+} -+is($cb_1_calls, $right_cb_1_calls, 'callback1 called '.$right_cb_1_calls.' times'); - - - # OpenSSL 1.1.0 has SSL_set_default_passwd_cb, but the callback is not -@@ -177,5 +188,35 @@ - ok( !Net::SSLeay::use_PrivateKey_file($ssl_1, $key_pem, &Net::SSLeay::FILETYPE_PEM), - 'use_PrivateKey_file doesn\'t work with wrong passphrase' ); - -- is($cb_1_calls, 2, 'callback1 called 2 times'); -+ my $right_cb_1_calls; -+ if (! $callback_double_use_in_pem_read_bio_key) { -+ $right_cb_1_calls = 2; -+ } else { -+ $right_cb_1_calls = 3; -+ } -+ -+ is($cb_1_calls, $right_cb_1_calls, 'callback1 called '.$right_cb_1_calls.' times'); -+} -+ -+# In OpenSSL between alpha16 and alpha17 was change (7bc027d73bc51cfa0ae23fbfd91134be9464d694) -+# which add one callback call in case of failing pem_read_bio_key_decoder() -+# In OpenSSL between beta1 and beta2 was change (66a7c9f34b46edd462d647ae2febe8276bb9b4f7) -+# which add passphrase caching to avoid asking for password twice -+sub check_callback_double_use_in_pem_read_bio_key { -+ my $ssleay_version = Net::SSLeay::SSLeay_version( Net::SSLeay::SSLEAY_VERSION() ); -+ my ($openssl_alpha_version, $openssl_beta_version); -+ if (Net::SSLeay::SSLeay == 0x30000000 && $ssleay_version =~ /-alpha(\d+)\ /) { -+ $openssl_alpha_version = $1; -+ } -+ if (Net::SSLeay::SSLeay == 0x30000000 && $ssleay_version =~ /-beta(\d+)\ /) { -+ $openssl_beta_version = $1; -+ } -+ if ((Net::SSLeay::SSLeay == 0x30000000 && defined $openssl_alpha_version && $openssl_alpha_version < 17) -+ || Net::SSLeay::SSLeay == 0x30000000 && defined $openssl_beta_version && $openssl_beta_version > 1 -+ || Net::SSLeay::SSLeay < 0x30000000) { -+ -+ return 0; -+ } else { -+ return 1; -+ } - } diff --git a/SOURCES/Net-SSLeay-1.90-openssl3.0.0-32_x509_get_cert_info.patch b/SOURCES/Net-SSLeay-1.90-openssl3.0.0-32_x509_get_cert_info.patch deleted file mode 100644 index 7292928..0000000 --- a/SOURCES/Net-SSLeay-1.90-openssl3.0.0-32_x509_get_cert_info.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -ru Net-SSLeay-1.90.orig/t/local/32_x509_get_cert_info.t Net-SSLeay-1.90/t/local/32_x509_get_cert_info.t ---- Net-SSLeay-1.90.orig/t/local/32_x509_get_cert_info.t 2020-11-18 10:12:44.000000000 +0100 -+++ Net-SSLeay-1.90/t/local/32_x509_get_cert_info.t 2021-06-02 00:37:27.881748999 +0200 -@@ -190,7 +190,7 @@ - Net::SSLeay::SSLeay < 0x30000000 - || ( - Net::SSLeay::SSLeay == 0x30000000 -- && Net::SSLeay::SSLeay_version( Net::SSLeay::SSLEAY_VERSION() ) =~ /-alpha1/ -+ && Net::SSLeay::SSLeay_version( Net::SSLeay::SSLEAY_VERSION() ) =~ /-alpha1\ / - ) - ) - ) { diff --git a/SOURCES/Net-SSLeay-1.90-openssl3.0.0-33_x509_create_cert.patch b/SOURCES/Net-SSLeay-1.90-openssl3.0.0-33_x509_create_cert.patch deleted file mode 100644 index 3c653fa..0000000 --- a/SOURCES/Net-SSLeay-1.90-openssl3.0.0-33_x509_create_cert.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -ru Net-SSLeay-1.90.orig/SSLeay.xs Net-SSLeay-1.90/SSLeay.xs ---- Net-SSLeay-1.90.orig/SSLeay.xs 2021-01-21 16:14:11.000000000 +0100 -+++ Net-SSLeay-1.90/SSLeay.xs 2021-06-02 01:47:55.724962156 +0200 -@@ -4556,7 +4556,7 @@ - if (passwd_len>0) { - /* encrypted key */ - if (!enc_alg) -- PEM_write_bio_PrivateKey(bp,pk,EVP_des_cbc(),(unsigned char *)passwd,passwd_len,cb,u); -+ PEM_write_bio_PrivateKey(bp,pk,EVP_des_ede(),(unsigned char *)passwd,passwd_len,cb,u); - else - PEM_write_bio_PrivateKey(bp,pk,enc_alg,(unsigned char *)passwd,passwd_len,cb,u); - } diff --git a/SOURCES/Net-SSLeay-1.90-openssl3.0.0-39_pkcs12.patch b/SOURCES/Net-SSLeay-1.90-openssl3.0.0-39_pkcs12.patch deleted file mode 100644 index ec41b7e..0000000 --- a/SOURCES/Net-SSLeay-1.90-openssl3.0.0-39_pkcs12.patch +++ /dev/null @@ -1,60 +0,0 @@ -commit 327550f61f5e1e932ea911e59ccc496ebb307030 -Author: Chris Novakovic -Date: Tue Jun 8 21:49:40 2021 +0100 - - 39_pkcs12.t: validate CA certificate CNs with all libssl versions - - When verifying common names in the PKCS#12 certificate chain, account - for the fact that PKCS12_parse() returns the CA certificate chain in a - different order in different versions of libssl. - - Since the CA certificate chain tests now cover all versions of OpenSSL - and LibreSSL, don't skip the order check for versions of OpenSSL before - 1.0.0, and remove the generic tests that ensure X509_NAME_oneline() - returns a valid-looking common name for each of the CA certificates - (since they're now redundant). - -diff --git a/t/local/39_pkcs12.t b/t/local/39_pkcs12.t -index 5c7fb8b..5083331 100644 ---- a/t/local/39_pkcs12.t -+++ b/t/local/39_pkcs12.t -@@ -3,7 +3,7 @@ use lib 'inc'; - use Net::SSLeay; - use Test::Net::SSLeay qw( data_file_path initialise_libssl ); - --plan tests => 19; -+plan tests => 17; - - initialise_libssl(); - -@@ -36,12 +36,24 @@ my $filename3 = data_file_path('simple-cert.p12'); - my $ca1_subj_name = Net::SSLeay::X509_get_subject_name($cachain[0]); - my $ca2_subj_name = Net::SSLeay::X509_get_subject_name($cachain[1]); - is(Net::SSLeay::X509_NAME_oneline($subj_name), '/C=PL/O=Net-SSLeay/OU=Test Suite/CN=simple-cert.net-ssleay.example', "X509_NAME_oneline [2/1]"); -- like(Net::SSLeay::X509_NAME_oneline($ca1_subj_name), qr/C=.*CN=.*/, "X509_NAME_oneline [2/2]"); -- like(Net::SSLeay::X509_NAME_oneline($ca2_subj_name), qr/C=.*CN=.*/, "X509_NAME_oneline [2/3]"); -- SKIP: { -- skip("cert order in CA chain is different in openssl pre-1.0.0", 2) unless Net::SSLeay::SSLeay >= 0x01000000; -- is(Net::SSLeay::X509_NAME_oneline($ca1_subj_name), '/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Root CA', "X509_NAME_oneline [2/4]"); -- is(Net::SSLeay::X509_NAME_oneline($ca2_subj_name), '/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Intermediate CA', "X509_NAME_oneline [2/5]"); -+ # OpenSSL versions 1.0.0-beta2 to 3.0.0-alpha6 inclusive and all versions of -+ # LibreSSL return the CA certificate chain with the root CA certificate at the -+ # end; all other versions return the certificate chain with the root CA -+ # certificate at the start -+ if ( -+ Net::SSLeay::SSLeay < 0x10000002 -+ || ( -+ Net::SSLeay::SSLeay == 0x30000000 -+ && Net::SSLeay::SSLeay_version( Net::SSLeay::SSLEAY_VERSION() ) !~ /-alpha[1-6] / -+ ) -+ || Net::SSLeay::SSLeay > 0x30000000 -+ ) { -+ is(Net::SSLeay::X509_NAME_oneline($ca1_subj_name), '/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Intermediate CA', "X509_NAME_oneline [2/3]"); -+ is(Net::SSLeay::X509_NAME_oneline($ca2_subj_name), '/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Root CA', "X509_NAME_oneline [2/4]"); -+ } -+ else { -+ is(Net::SSLeay::X509_NAME_oneline($ca1_subj_name), '/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Root CA', "X509_NAME_oneline [2/3]"); -+ is(Net::SSLeay::X509_NAME_oneline($ca2_subj_name), '/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Intermediate CA', "X509_NAME_oneline [2/4]"); - } - } - diff --git a/SOURCES/Net-SSLeay-1.90-openssl3.0.0-43_misc_functions.patch b/SOURCES/Net-SSLeay-1.90-openssl3.0.0-43_misc_functions.patch deleted file mode 100644 index 76bf9a6..0000000 --- a/SOURCES/Net-SSLeay-1.90-openssl3.0.0-43_misc_functions.patch +++ /dev/null @@ -1,45 +0,0 @@ -diff -ru Net-SSLeay-1.90.orig/t/local/43_misc_functions.t Net-SSLeay-1.90/t/local/43_misc_functions.t ---- Net-SSLeay-1.90.orig/t/local/43_misc_functions.t 2021-01-21 16:14:11.000000000 +0100 -+++ Net-SSLeay-1.90/t/local/43_misc_functions.t 2021-06-04 17:30:29.508947419 +0200 -@@ -245,6 +245,23 @@ - - my $ciphersuites = join(':', keys(%tls_1_3_aead_cipher_to_keyblock_size)); - -+ # In OpenSSL 3.0.0 alpha 11 (commit c1e8a0c66e32b4144fdeb49bd5ff7acb76df72b9) was -+ # changed api of set_ciphersuites to ignore unknown ciphers. -+ my $ret_partially_bad_ciphersuites; -+ my $ssleay_version = Net::SSLeay::SSLeay_version( Net::SSLeay::SSLEAY_VERSION() ); -+ my $openssl_alpha_version; -+ if (Net::SSLeay::SSLeay == 0x30000000 && $ssleay_version =~ /-alpha(\d+)\ /) { -+ $openssl_alpha_version = $1; -+ } -+ if ((Net::SSLeay::SSLeay == 0x30000000 -+ && defined $openssl_alpha_version && $openssl_alpha_version < 11) -+ || Net::SSLeay::SSLeay < 0x30000000) { -+ -+ $ret_partially_bad_ciphersuites = 0; -+ } else { -+ $ret_partially_bad_ciphersuites = 1; -+ } -+ - my ($ctx, $rv, $ssl); - $ctx = Net::SSLeay::CTX_new(); - $rv = Net::SSLeay::CTX_set_ciphersuites($ctx, $ciphersuites); -@@ -257,7 +271,7 @@ - }; - is($rv, 1, 'CTX set undef ciphersuites'); - $rv = Net::SSLeay::CTX_set_ciphersuites($ctx, 'nosuchthing:' . $ciphersuites); -- is($rv, 0, 'CTX set partially bad ciphersuites'); -+ is($rv, $ret_partially_bad_ciphersuites, 'CTX set partially bad ciphersuites'); - $rv = Net::SSLeay::CTX_set_ciphersuites($ctx, 'nosuchthing:'); - is($rv, 0, 'CTX set bad ciphersuites'); - -@@ -272,7 +286,7 @@ - }; - is($rv, 1, 'SSL set undef ciphersuites'); - $rv = Net::SSLeay::set_ciphersuites($ssl, 'nosuchthing:' . $ciphersuites); -- is($rv, 0, 'SSL set partially bad ciphersuites'); -+ is($rv, $ret_partially_bad_ciphersuites, 'SSL set partially bad ciphersuites'); - $rv = Net::SSLeay::set_ciphersuites($ssl, 'nosuchthing:'); - is($rv, 0, 'SSL set bad ciphersuites'); - diff --git a/SPECS/perl-Net-SSLeay.spec b/SPECS/perl-Net-SSLeay.spec index fde74c6..c976b60 100644 --- a/SPECS/perl-Net-SSLeay.spec +++ b/SPECS/perl-Net-SSLeay.spec @@ -5,19 +5,14 @@ %endif Name: perl-Net-SSLeay -Version: 1.90 -Release: 8%{?dist} +Version: 1.92 +Release: 1%{?dist} Summary: Perl extension for using OpenSSL License: Artistic 2.0 URL: https://metacpan.org/release/Net-SSLeay Source0: https://cpan.metacpan.org/modules/by-module/Net/Net-SSLeay-%{version}.tar.gz -Patch10: Net-SSLeay-1.90-pkgconfig.patch -Patch11: Net-SSLeay-1.90-openssl3.0.0-32_x509_get_cert_info.patch -Patch12: Net-SSLeay-1.90-openssl3.0.0-33_x509_create_cert.patch -Patch13: Net-SSLeay-1.90-openssl3.0.0-39_pkcs12.patch -Patch14: Net-SSLeay-1.90-openssl3.0.0-43_misc_functions.patch -Patch15: Net-SSLeay-1.90-openssl3.0.0-tests-disable_TLS1_and_TLS1_1.patch -Patch16: Net-SSLeay-1.90-openssl3.0.0-05_passwd_cb.patch +Patch1: Net-SSLeay-1.90-pkgconfig.patch +Patch2: Net-SSLeay-1.90-openssl3.0.0-tests-disable_TLS1_and_TLS1_1.patch # =========== Module Build =========================== BuildRequires: coreutils BuildRequires: findutils @@ -28,13 +23,17 @@ BuildRequires: openssl-devel BuildRequires: perl-devel BuildRequires: perl-generators BuildRequires: perl-interpreter +BuildRequires: perl(constant) BuildRequires: perl(Cwd) +BuildRequires: perl(English) BuildRequires: perl(ExtUtils::MakeMaker) >= 6.76 BuildRequires: perl(ExtUtils::PkgConfig) BuildRequires: perl(ExtUtils::MM) BuildRequires: perl(File::Basename) BuildRequires: perl(File::Path) +BuildRequires: perl(File::Spec::Functions) BuildRequires: perl(Symbol) +BuildRequires: perl(Text::Wrap) BuildRequires: perl(utf8) # =========== Module Runtime ========================= BuildRequires: perl(AutoLoader) @@ -53,6 +52,7 @@ BuildRequires: perl(IO::Socket::INET) BuildRequires: perl(lib) BuildRequires: perl(Storable) BuildRequires: perl(strict) +BuildRequires: perl(Test::Builder) BuildRequires: perl(Test::More) >= 0.61 BuildRequires: perl(threads) BuildRequires: perl(warnings) @@ -85,25 +85,10 @@ so you can write servers or clients for more complicated applications. # Get libraries to link against from pkg-config # https://github.com/radiator-software/p5-net-ssleay/pull/127 -%patch10 - -# https://github.com/radiator-software/p5-net-ssleay/pull/271 -%patch11 -p1 - -# https://github.com/radiator-software/p5-net-ssleay/issues/272 -%patch12 -p1 - -# https://github.com/radiator-software/p5-net-ssleay/pull/274 -%patch13 -p1 - -# https://github.com/radiator-software/p5-net-ssleay/pull/275 -%patch14 -p1 +%patch1 # Disable TLS1 and TLS1_1 from tests -%patch15 -p1 - -# https://github.com/radiator-software/p5-net-ssleay/pull/282 -%patch16 -p1 +%patch2 -p1 # Fix permissions in examples to avoid bogus doc-file dependencies chmod -c 644 examples/* @@ -141,6 +126,9 @@ make test %{_mandir}/man3/Net::SSLeay::Handle.3* %changelog +* Wed Jan 26 2022 Michal Josef Špaček - 1.92-1 +- Update to 1.92 + * Wed Aug 11 2021 Michal Josef Špaček - 1.90-8 - Fix tests for openssl 3.0.0-beta2. rhbz#1992571 - Add another fix for t/05_passwd_cb.t, because change in passphrase caching