Sync from SUSE:ALP:Source:Standard:1.0 perl-IO-Socket-SSL revision 3a0b20d3273dedcfb3508ef5624f20e8

.gitattributes

@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text

cpanspec.yml

@@ -0,0 +1,5 @@
+patches:
+  perl-IO-Socket-SSL-use-system-default-cipher-list.patch: -p1 PATCH-FIX-UPSTREAM (bsc1200295) perl-IO-Socket-SSL doesn't follow system "PROFILE=SYSTEM" openSSL ciphers - https://git.centos.org/rpms/perl-IO-Socket-SSL/blob/e0b0ae04f5cdb41b1f29cb7d76c23abba7ac35e9/f/SOURCES/IO-Socket-SSL-2.066-use-system-default-cipher-list.patch
+ignore_requires: Mozilla::CA
+prep: |-
+ rm README.Win32

perl-IO-Socket-SSL-Openssl32.patch

@@ -0,0 +1,23 @@
+From 7c0798d6de3467603dff42253448e36aded7f5ac Mon Sep 17 00:00:00 2001
+From: Steffen Ullrich <github@maulwuff.de>
+Date: Fri, 22 Dec 2023 08:07:20 +0100
+Subject: [PATCH] fixed test fail #147 with OpenSSL 3.2
+
+---
+ t/core.t | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/t/core.t b/t/core.t
+index e194811..22d78fb 100755
+--- a/t/core.t
++++ b/t/core.t
+@@ -74,7 +74,8 @@ unless (fork) {
+ 	LocalAddr => $localip,
+     );
+     print $client "Test\n";
+-    is( <$client>, "This server is SSL only", "Client non-SSL connection");
++
++    like( <$client>, qr/This server is SSL only/, "Client non-SSL connection");
+     close $client;
+ 
+     $client = IO::Socket::SSL->new(

perl-IO-Socket-SSL-use-system-default-cipher-list.patch

@@ -0,0 +1,34 @@
+Index: IO-Socket-SSL-2.074/lib/IO/Socket/SSL.pm
+===================================================================
+--- IO-Socket-SSL-2.074.orig/lib/IO/Socket/SSL.pm
++++ IO-Socket-SSL-2.074/lib/IO/Socket/SSL.pm
+@@ -205,8 +205,10 @@ my %DEFAULT_SSL_ARGS = (
+     SSL_npn_protocols => undef,    # meaning depends whether on server or client side
+     SSL_alpn_protocols => undef,   # list of protocols we'll accept/send, for example ['http/1.1','spdy/3.1']
+ 
+-    # rely on system default but be sure to disable some definitely bad ones
+-    SSL_cipher_list => 'DEFAULT !EXP !MEDIUM !LOW !eNULL !aNULL !RC4 !DES !MD5 !PSK !SRP',
++    # Use system-wide default cipher list to support use of system-wide
++    # crypto policy (#1076390, #1127577, CPAN RT#97816)
++    # https://fedoraproject.org/wiki/Changes/CryptoPolicy
++    SSL_cipher_list => 'PROFILE=SYSTEM',
+ );
+ 
+ my %DEFAULT_SSL_CLIENT_ARGS = (
+Index: IO-Socket-SSL-2.074/lib/IO/Socket/SSL.pod
+===================================================================
+--- IO-Socket-SSL-2.074.orig/lib/IO/Socket/SSL.pod
++++ IO-Socket-SSL-2.074/lib/IO/Socket/SSL.pod
+@@ -1070,9 +1070,8 @@ ciphers for TLS 1.2 and lower. See the O
+ for more details.
+ 
+ Unless you fail to contact your peer because of no shared ciphers it is
+-recommended to leave this option at the default setting, which uses the system
+-default but disables some insecure ciphers which might still be enabled on older
+-systems.
++recommended to leave this option at the default setting, which honors the
++system-wide PROFILE=SYSTEM cipher list.
+ 
+ In case different cipher lists are needed for different SNI hosts a hash can be
+ given with the host as key and the cipher suite as value, similar to
+

perl-IO-Socket-SSL.spec

@@ -0,0 +1,112 @@
+#
+# spec file for package perl-IO-Socket-SSL
+#
+# Copyright (c) 2023 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%define cpan_name IO-Socket-SSL
+Name:           perl-IO-Socket-SSL
+Version:        2.84.0
+Release:        0
+%define cpan_version 2.084
+License:        Artistic-1.0 OR GPL-1.0-or-later
+Summary:        Nearly transparent SSL encapsulation for IO::Socket::INET
+URL:            https://metacpan.org/release/%{cpan_name}
+Source0:        https://cpan.metacpan.org/authors/id/S/SU/SULLR/%{cpan_name}-%{cpan_version}.tar.gz
+Source1:        cpanspec.yml
+# PATCH-FIX-UPSTREAM (bsc1200295) perl-IO-Socket-SSL doesn't follow system "PROFILE=SYSTEM" openSSL ciphers - https://git.centos.org/rpms/perl-IO-Socket-SSL/blob/e0b0ae04f5cdb41b1f29cb7d76c23abba7ac35e9/f/SOURCES/IO-Socket-SSL-2.066-use-system-default-cipher-list.patch
+Patch0:         perl-IO-Socket-SSL-use-system-default-cipher-list.patch
+# PATCH-FIX-UPSTREAM (bsc#1218342) Fix the test t/core.t to build with OpenSSL 3.2.0
+Patch1:         perl-IO-Socket-SSL-Openssl32.patch
+BuildArch:      noarch
+BuildRequires:  perl
+BuildRequires:  perl-macros
+#BuildRequires:  perl(Mozilla::CA)
+BuildRequires:  perl(Net::SSLeay) >= 1.46
+#Requires:       perl(Mozilla::CA)
+Requires:       perl(Net::SSLeay) >= 1.46
+Provides:       perl(IO::Socket::SSL) = 2.84.0
+Provides:       perl(IO::Socket::SSL::Intercept) = 2.056
+Provides:       perl(IO::Socket::SSL::OCSP_Cache)
+Provides:       perl(IO::Socket::SSL::OCSP_Resolver)
+Provides:       perl(IO::Socket::SSL::PublicSuffix)
+Provides:       perl(IO::Socket::SSL::SSL_Context)
+Provides:       perl(IO::Socket::SSL::SSL_HANDLE)
+Provides:       perl(IO::Socket::SSL::Session_Cache)
+Provides:       perl(IO::Socket::SSL::Trace)
+Provides:       perl(IO::Socket::SSL::Utils) = 2.015
+%define         __perllib_provides /bin/true
+%{perl_requires}
+
+%description
+IO::Socket::SSL makes using SSL/TLS much easier by wrapping the necessary
+functionality into the familiar IO::Socket interface and providing secure
+defaults whenever possible. This way, existing applications can be made
+SSL-aware without much effort, at least if you do blocking I/O and don't
+use select or poll.
+
+But, under the hood, SSL is a complex beast. So there are lots of methods
+to make it do what you need if the default behavior is not adequate.
+Because it is easy to inadvertently introduce critical security bugs or
+just hard to debug problems, I would recommend studying the following
+documentation carefully.
+
+The documentation consists of the following parts:
+
+* * "Essential Information About SSL/TLS"
+
+* * "Basic SSL Client"
+
+* * "Basic SSL Server"
+
+* * "Common Usage Errors"
+
+* * "Common Problems with SSL"
+
+* * "Using Non-Blocking Sockets"
+
+* * "Advanced Usage"
+
+* * "Integration Into Own Modules"
+
+* * "Description Of Methods"
+
+Additional documentation can be found in
+
+* * IO::Socket::SSL::Intercept - Doing Man-In-The-Middle with SSL
+
+* * IO::Socket::SSL::Utils - Useful functions for certificates etc
+
+%prep
+%autosetup  -n %{cpan_name}-%{cpan_version} -p1
+
+find . -type f ! -path "*/t/*" ! -name "*.pl" ! -path "*/bin/*" ! -path "*/script/*" ! -path "*/scripts/*" ! -name "configure" -print0 | xargs -0 chmod 644
+
+%build
+perl Makefile.PL INSTALLDIRS=vendor
+%make_build
+
+%check
+make test
+
+%install
+%perl_make_install
+%perl_process_packlist
+%perl_gen_filelist
+
+%files -f %{name}.files
+%doc BUGS Changes docs example README README.Win32
+
+%changelog