Sync from SUSE:SLFO:Main perl-IO-Socket-SSL revision 3a0b20d3273dedcfb3508ef5624f20e8

Adrian Schröter 2024-05-03 18:23:45 +02:00
commit c190c45b17
7 changed files with 1642 additions and 0 deletions

23
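--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text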

BIN
IO-Socket-SSL-2.084.tar.gz (Stored with Git LFS) Normal file

Binary file not shown.

5
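--- a/cpanspec.yml
+++ b/cpanspec.yml
@@ -0,0 +1,5 @@
+patches:
+perl-IO-Socket-SSL-use-system-default-cipher-list.patch: -p1 PATCH-FIX-UPSTREAM (bsc1200295) perl-IO-Socket-SSL doesn't follow system "PROFILE=SYSTEM" openSSL ciphers - https://git.centos.org/rpms/perl-IO-Socket-SSL/blob/e0b0ae04f5cdb41b1f29cb7d76c23abba7ac35e9/f/SOURCES/IO-Socket-SSL-2.066-use-system-default-cipher-list.patch
+ignore_requires: Mozilla::CA
+prep: |-
+rm README.Win32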
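Review bot: `patches:` lists only perl-IO-Socket-SSL-use-system-default-cipher-list.patch, while the spec in this commit also applies `Patch1: perl-IO-Socket-SSL-Openssl32.patch`, so a spec regenerated from this file would presumably lose the OpenSSL 3.2 test fix. The `prep:` step `rm README.Win32` is likewise absent from the spec's `%prep`, and the spec's `%doc` line still lists README.Win32. I would add an entry such as `perl-IO-Socket-SSL-Openssl32.patch: -p1 PATCH-FIX-UPSTREAM (bsc#1218342) Fix the test t/core.t to build with OpenSSL 3.2.0` and bring the two files back in step.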


@ -0,0 +1,23 @@
From 7c0798d6de3467603dff42253448e36aded7f5ac Mon Sep 17 00:00:00 2001
From: Steffen Ullrich <github@maulwuff.de>
Date: Fri, 22 Dec 2023 08:07:20 +0100
Subject: [PATCH] fixed test fail #147 with OpenSSL 3.2
---
t/core.t | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/t/core.t b/t/core.t
index e194811..22d78fb 100755
--- a/t/core.t
+++ b/t/core.t
@@ -74,7 +74,8 @@ unless (fork) {
LocalAddr => $localip,
);
print $client "Test\n";
- is( <$client>, "This server is SSL only", "Client non-SSL connection");
+
+ like( <$client>, qr/This server is SSL only/, "Client non-SSL connection");
close $client;
$client = IO::Socket::SSL->new(
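Review bot: The replacement `like( <$client>, qr/This server is SSL only/, "Client non-SSL connection");` is unanchored, so the test now passes for any reply line that merely contains the phrase. `qr/^This server is SSL only/` would still tolerate trailing bytes while keeping the start of the plaintext rejection pinned. Which extra bytes appear under OpenSSL 3.2 is not visible here, so the anchor should be confirmed against the actual reply. The enclosing `unless (fork) {` block starts and ends outside the hunk.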


@ -0,0 +1,34 @@
Index: IO-Socket-SSL-2.074/lib/IO/Socket/SSL.pm
===================================================================
--- IO-Socket-SSL-2.074.orig/lib/IO/Socket/SSL.pm
+++ IO-Socket-SSL-2.074/lib/IO/Socket/SSL.pm
@@ -205,8 +205,10 @@ my %DEFAULT_SSL_ARGS = (
SSL_npn_protocols => undef, # meaning depends whether on server or client side
SSL_alpn_protocols => undef, # list of protocols we'll accept/send, for example ['http/1.1','spdy/3.1']
- # rely on system default but be sure to disable some definitely bad ones
- SSL_cipher_list => 'DEFAULT !EXP !MEDIUM !LOW !eNULL !aNULL !RC4 !DES !MD5 !PSK !SRP',
+ # Use system-wide default cipher list to support use of system-wide
+ # crypto policy (#1076390, #1127577, CPAN RT#97816)
+ # https://fedoraproject.org/wiki/Changes/CryptoPolicy
+ SSL_cipher_list => 'PROFILE=SYSTEM',
);
my %DEFAULT_SSL_CLIENT_ARGS = (
Index: IO-Socket-SSL-2.074/lib/IO/Socket/SSL.pod
===================================================================
--- IO-Socket-SSL-2.074.orig/lib/IO/Socket/SSL.pod
+++ IO-Socket-SSL-2.074/lib/IO/Socket/SSL.pod
@@ -1070,9 +1070,8 @@ ciphers for TLS 1.2 and lower. See the O
for more details.
Unless you fail to contact your peer because of no shared ciphers it is
-recommended to leave this option at the default setting, which uses the system
-default but disables some insecure ciphers which might still be enabled on older
-systems.
+recommended to leave this option at the default setting, which honors the
+system-wide PROFILE=SYSTEM cipher list.
In case different cipher lists are needed for different SNI hosts a hash can be
given with the host as key and the cipher suite as value, similar to
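Review bot: With `SSL_cipher_list => 'PROFILE=SYSTEM'` the module applies no exclusions of its own: the removed string's `!EXP !MEDIUM !LOW !eNULL !aNULL !RC4 !DES !MD5 !PSK !SRP` floor is gone, so the effective cipher set is whatever the host crypto policy permits, including a deliberately relaxed one. `PROFILE=SYSTEM` is, as far as I know, not a stock OpenSSL cipher-string keyword but one added by distribution builds with crypto-policy support, so on a libssl without it the cipher list would presumably be rejected and context creation would fail. The spec in this commit only requires `perl(Net::SSLeay) >= 1.46`, which does not express that dependency. I would extend the new comment to say so, e.g. `# no module-level exclusions: weak-cipher filtering is delegated to the system crypto policy`, and cite bsc1200295 next to the tracker numbers already there. The `%DEFAULT_SSL_ARGS` hash starts outside the hunk.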

1442
perl-IO-Socket-SSL.changes Normal file

File diff suppressed because it is too large Load Diff

112
perl-IO-Socket-SSL.spec Normal file

@ -0,0 +1,112 @@
#
# spec file for package perl-IO-Socket-SSL
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define cpan_name IO-Socket-SSL
Name: perl-IO-Socket-SSL
Version: 2.84.0
Release: 0
%define cpan_version 2.084
License: Artistic-1.0 OR GPL-1.0-or-later
Summary: Nearly transparent SSL encapsulation for IO::Socket::INET
URL: https://metacpan.org/release/%{cpan_name}
Source0: https://cpan.metacpan.org/authors/id/S/SU/SULLR/%{cpan_name}-%{cpan_version}.tar.gz
Source1: cpanspec.yml
# PATCH-FIX-UPSTREAM (bsc1200295) perl-IO-Socket-SSL doesn't follow system "PROFILE=SYSTEM" openSSL ciphers - https://git.centos.org/rpms/perl-IO-Socket-SSL/blob/e0b0ae04f5cdb41b1f29cb7d76c23abba7ac35e9/f/SOURCES/IO-Socket-SSL-2.066-use-system-default-cipher-list.patch
Patch0: perl-IO-Socket-SSL-use-system-default-cipher-list.patch
# PATCH-FIX-UPSTREAM (bsc#1218342) Fix the test t/core.t to build with OpenSSL 3.2.0
Patch1: perl-IO-Socket-SSL-Openssl32.patch
BuildArch: noarch
BuildRequires: perl
BuildRequires: perl-macros
#BuildRequires: perl(Mozilla::CA)
BuildRequires: perl(Net::SSLeay) >= 1.46
#Requires: perl(Mozilla::CA)
Requires: perl(Net::SSLeay) >= 1.46
Provides: perl(IO::Socket::SSL) = 2.84.0
Provides: perl(IO::Socket::SSL::Intercept) = 2.056
Provides: perl(IO::Socket::SSL::OCSP_Cache)
Provides: perl(IO::Socket::SSL::OCSP_Resolver)
Provides: perl(IO::Socket::SSL::PublicSuffix)
Provides: perl(IO::Socket::SSL::SSL_Context)
Provides: perl(IO::Socket::SSL::SSL_HANDLE)
Provides: perl(IO::Socket::SSL::Session_Cache)
Provides: perl(IO::Socket::SSL::Trace)
Provides: perl(IO::Socket::SSL::Utils) = 2.015
%define __perllib_provides /bin/true
%{perl_requires}
%description
IO::Socket::SSL makes using SSL/TLS much easier by wrapping the necessary
functionality into the familiar IO::Socket interface and providing secure
defaults whenever possible. This way, existing applications can be made
SSL-aware without much effort, at least if you do blocking I/O and don't
use select or poll.
But, under the hood, SSL is a complex beast. So there are lots of methods
to make it do what you need if the default behavior is not adequate.
Because it is easy to inadvertently introduce critical security bugs or
just hard to debug problems, I would recommend studying the following
documentation carefully.
The documentation consists of the following parts:
* * "Essential Information About SSL/TLS"
* * "Basic SSL Client"
* * "Basic SSL Server"
* * "Common Usage Errors"
* * "Common Problems with SSL"
* * "Using Non-Blocking Sockets"
* * "Advanced Usage"
* * "Integration Into Own Modules"
* * "Description Of Methods"
Additional documentation can be found in
* * IO::Socket::SSL::Intercept - Doing Man-In-The-Middle with SSL
* * IO::Socket::SSL::Utils - Useful functions for certificates etc
%prep
%autosetup -n %{cpan_name}-%{cpan_version} -p1
find . -type f ! -path "*/t/*" ! -name "*.pl" ! -path "*/bin/*" ! -path "*/script/*" ! -path "*/scripts/*" ! -name "configure" -print0 | xargs -0 chmod 644
%build
perl Makefile.PL INSTALLDIRS=vendor
%make_build
%check
make test
%install
%perl_make_install
%perl_process_packlist
%perl_gen_filelist
%files -f %{name}.files
%doc BUGS Changes docs example README README.Win32
%changelog
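Review bot: The `PATCH-FIX-UPSTREAM` tag on Patch0 reads as if the cipher-list change came from the IO::Socket::SSL author, but the referenced URL is a CentOS packaging repository, so this looks like a downstream change to a security default. openSUSE's patch-tag convention has `PATCH-FIX-OPENSUSE` for distribution-only changes; I would retag it here and in cpanspec.yml, which carries the same text. A short comment above `Patch0:` such as `# replaces the module's hardened default SSL_cipher_list with PROFILE=SYSTEM` would let anyone auditing TLS behaviour see from the spec alone that the shipped default differs from the CPAN release.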