Accepting request 297987 from devel:languages:perl

1

OBS-URL: https://build.opensuse.org/request/show/297987
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/perl-IO-Socket-SSL?expand=0&rev=67

IO-Socket-SSL-1.997.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:acdb67b5b63aea5b7e70c3e4c70a16128810329592b63753a38c794aff76a1dd
-size 186642

IO-Socket-SSL-2.012.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:02bd7f17ceb492e396eca6627f50aaa2a3ddfcb5bfa3889ddf145383b0b179d9
+size 193636

cpanspec.yml

@@ -0,0 +1,3 @@
+---
+patches:
+ perl-IO-Socket-SSL_add_DHE-RSA_to_default_client_cipher_list.patch: -p1

perl-IO-Socket-SSL.changes

@@ -1,3 +1,103 @@
+-------------------------------------------------------------------
+Fri Apr 17 12:32:39 UTC 2015 - vcizek@suse.com
+
+- add DHE-RSA to the default client cipher list to support PFS with
+  older machines (bnc#924976)
+  * added perl-IO-Socket-SSL_add_DHE-RSA_to_default_client_cipher_list.patch
+- add cpanspec.yml to support automatic version updates
+  (see http://lists.opensuse.org/opensuse-packaging/2015-04/msg00084.html)
+
+-------------------------------------------------------------------
+Tue Apr 14 18:29:56 UTC 2015 - coolo@suse.com
+
+- updated to 2.012
+   see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
+
+  2.012 2014/02/02
+  - fix t/ocsp.t in case no HTTP::Tiny is installed
+  2.011 2014/02/01
+  - fix t/ocsp.t - don't count on revoked.grc.com using OCSP stapling #101855
+  - added option 'purpose' to Utils::CERT_create to get better control of the
+    certificates purpose. Default is 'server,client' for non-CA (contrary to
+    only 'server' before)
+  - removed RC4 from default cipher suites on the server site
+    https://github.com/noxxi/p5-io-socket-ssl/issues/22
+  - refactoring of some tests using Test::More thanks to Sweet-kid and the
+    2015 Pull Request Challenge
+  2.010 2014/01/14
+  - new options SSL_client_ca_file and SSL_client_ca to let the server send
+    the list of acceptable CAs for the client certificate.
+  - t/protocol_version.t - fix in case SSLv3 is not supported in Net::SSLeay. 
+    RT#101485, thanks to TEAM.
+  2.009 2014/01/12
+  - remove util/analyze.pl. This tool is now together with other SSL tools in
+    https://github.com/noxxi/p5-ssl-tools
+  - added ALPN support (needs OpenSSL1.02, Net::SSLeay 1.56+) thanks to TEAM,
+    RT#101452
+  2.008 2014/12/16
+  - work around recent OCSP verification errors for revoked.grc.com (badly signed
+    OCSP response, Firefox also complains about it) in test t/external/ocsp.t.
+  - util/analyze.pl - report more details about preferred cipher for specific TLS
+    versions
+  2.007 2014/11/26
+  - make getline/readline fall back to super class if class is not sslified yet,
+    i.e. behave the same as sysread, syswrite etc.
+    This fixes RT#100529
+  2.006 2014/11/22
+  - Make (hopefully) non-blocking work on windows by using EWOULDBLOCK instead of
+    EAGAIN. While this is the same on UNIX it is different on Windows and socket
+    operations return there (WSA)EWOULDBLOCK and not EAGAIN. Enable non-blocking
+    tests on Windows too.
+  - make PublicSuffix::_default_data thread safe
+  - update PublicSuffix with latest list from publicsuffix.org
+  2.005 2014/11/15
+  - next try to fix t/protocol_version.t for OpenSSL w/o SSLv3 support
+  2.004 2014/11/15
+  - only test fix: fix t/protocol_version.t to deal with OpenSSL installations
+    which are compiled without SSLv3 support.
+  2.003 2014/11/14
+  - make SSLv3 available even if the SSL library disables it by default in
+    SSL_CTX_new (like done in LibreSSL). Default will stay to disable SSLv3,
+    so this will be only done when setting SSL_version explicitly.
+  - fix possible segmentation fault when trying to use an invalid certificate,
+    reported by Nick Andrew.
+  - Use only the ICANN part of the default public suffix list and not the
+    private domains. This makes existing exceptions for s3.amazonaws.com and
+    googleapis.com obsolete. Thanks to Gervase Markham from mozilla.org.
+  2.002 2014/10/21
+  - fix check for (invalid) IPv4 when validating hostname against certificate. Do
+    not use inet_aton any longer because it can cause DNS lookups for malformed
+    IP. RT#99448, thanks to justincase[AT]yopmail[DOT]com.
+  - Update PublicSuffix with latest version from publicsuffix.org - lots of new
+    top level domains.
+  - Add exception to PublicSuffix for s3.amazonaws.com - RT#99702, thanks to
+    cpan[AT]cpanel[DOT]net.
+  2.001 2014/10/21
+  - Add SSL_OP_SINGLE_(DH|ECDH)_USE to default options to increase PFS security.
+    Thanks to Heikki Vatiainen for suggesting.
+  - Update external tests with currently expected fingerprints of hosts.
+  - Some fixes to make it still work on 5.8.1.
+  2.000 2014/10/15
+  - consider SSL3.0 as broken because of POODLE and disable it by default.
+  - Skip live tests without asking if environment NO_NETWORK_TESTING is set.
+    Thanks to ntyni[AT]debian[DOT]org for suggestion.
+  - skip tests which require fork on non-default windows setups without proper
+    fork. Thanks to SHAY for https://github.com/noxxi/p5-io-socket-ssl/pull/18
+  1.999 2014/10/09
+  - make sure we don't use version 0.30 of IO::Socket::IP
+  - make sure that PeerHost is checked on all places where PeerAddr is
+    checked, because these are synonyms and IO::Socket::IP prefers PeerHost
+    while others prefer PeerAddr. Also accept PeerService additionally to
+    PeerPort.
+    See https://github.com/noxxi/p5-io-socket-ssl/issues/16 for details.
+  - add ability to use client certificates and to overwrite hostname with
+    util/analyze-ssl.pl.
+  1.998 2014/09/07
+  - make client authentication work at the server side when SNI is in by use
+    having CA path and other settings in all SSL contexts instead of only the main
+    one.  Based on code from lundstrom[DOT]jerry[AT]gmail[DOT]com,
+    https://github.com/noxxi/p5-io-socket-ssl/pull/15
+
 -------------------------------------------------------------------
 Fri Jul 25 09:32:05 UTC 2014 - coolo@suse.com
 

perl-IO-Socket-SSL.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package perl-IO-Socket-SSL
 #
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,14 +17,16 @@
 
 
 Name:           perl-IO-Socket-SSL
-Version:        1.997
+Version:        2.012
 Release:        0
 %define cpan_name IO-Socket-SSL
-Summary:        Nearly transparent SSL encapsulation for IO::Socket::INET.
+Summary:        Nearly transparent SSL encapsulation for IO::Socket::INET
 License:        Artistic-1.0 or GPL-1.0+
 Group:          Development/Libraries/Perl
 Url:            http://search.cpan.org/dist/IO-Socket-SSL/
 Source:         http://www.cpan.org/authors/id/S/SU/SULLR/%{cpan_name}-%{version}.tar.gz
+Source1:        cpanspec.yml
+Patch:          perl-IO-Socket-SSL_add_DHE-RSA_to_default_client_cipher_list.patch
 BuildArch:      noarch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  perl
@@ -76,6 +78,7 @@ Additional documentation can be found in
 
 %prep
 %setup -q -n %{cpan_name}-%{version}
+%patch -p1
 
 %build
 %{__perl} Makefile.PL INSTALLDIRS=vendor
@@ -91,6 +94,6 @@ Additional documentation can be found in
 
 %files -f %{name}.files
 %defattr(-,root,root,755)
-%doc BUGS Changes example README README.Win32 util
+%doc BUGS Changes example README README.Win32
 
 %changelog

perl-IO-Socket-SSL_add_DHE-RSA_to_default_client_cipher_list.patch

@@ -0,0 +1,14 @@
+Index: IO-Socket-SSL-2.012/lib/IO/Socket/SSL.pm
+===================================================================
+--- IO-Socket-SSL-2.012.orig/lib/IO/Socket/SSL.pm	2015-02-02 08:44:32.000000000 +0100
++++ IO-Socket-SSL-2.012/lib/IO/Socket/SSL.pm	2015-04-18 11:37:15.730344825 +0200
+@@ -129,6 +129,9 @@ my %DEFAULT_SSL_CLIENT_ARGS = (
+ 	    DHE-DSS-AES128-SHA
+ 	    DHE-DSS-AES256-SHA256
+ 	    DHE-DSS-AES256-SHA
++            DHE-RSA-AES128-SHA
++            DHE-RSA-AES256-SHA256
++            DHE-RSA-AES256-SHA
+ 	    AES128-SHA256
+ 	    AES128-SHA
+ 	    AES256-SHA256