Accepting request 517388 from home:msmeissn:branches:network:utilities

- socat-openssl-1.1-tests.patch: make tests work on openssl1. (bsc#1042674) OBS-URL: https://build.opensuse.org/request/show/517388 OBS-URL: https://build.opensuse.org/package/show/network:utilities/socat?expand=0&rev=40
2017-08-17 15:39:34 +00:00 · 2017-08-17 15:39:34 +00:00 · 9e853f9c54
commit 9e853f9c54
parent 853f2497fd
3 changed files with 66 additions and 1 deletions
--- a/socat-openssl-1.1-tests.patch
+++ b/socat-openssl-1.1-tests.patch
@ -0,0 +1,55 @@
+OpenSSL 1.1 introduces the concept of security levels, in attempt to prevent
+users from accidently setting insecure ciphers.
+aNULL ciphers are considered insecure and are only allowed in Security Level 0.
+The default Security Level is 1.
+Unfortunately a cipher string featuring @SECLEVEL=0 is not accepted in older
+OpenSSL versions, thus this patch should be applied to newer distributions only.
+
+Index: socat-1.7.3.2/test.sh
+===================================================================
+--- socat-1.7.3.2.orig/test.sh	2017-01-22 19:07:10.000000000 +0100
+++ socat-1.7.3.2/test.sh	2017-08-17 12:36:50.809352091 +0200
+@@ -11227,8 +11227,8 @@ tf="$td/test$N.stdout"
+ te="$td/test$N.stderr"
+ tdiff="$td/test$N.diff"
+ da="test$N $(date) $RANDOM"
+-CMD2="$TRACE $SOCAT $opts OPENSSL-LISTEN:$PORT,reuseaddr,$SOCAT_EGD,ciphers=aNULL,verify=0 pipe"
+-CMD="$TRACE $SOCAT $opts - openssl:$LOCALHOST:$PORT,ciphers=aNULL,verify=0,$SOCAT_EGD"
+CMD2="$TRACE $SOCAT $opts OPENSSL-LISTEN:$PORT,reuseaddr,$SOCAT_EGD,ciphers=aNULL:@SECLEVEL=0,verify=0 pipe"
+CMD="$TRACE $SOCAT $opts - openssl:$LOCALHOST:$PORT,ciphers=aNULL:@SECLEVEL=0,verify=0,$SOCAT_EGD"
+ printf "test $F_n $TEST... " $N
+ eval "$CMD2 2>\"${te}1\" &"
+ pid=$!	# background process id
+@@ -11632,8 +11632,8 @@ tf1="$td/test$N.1.stdout"
+ te1="$td/test$N.1.stderr"
+ tdiff="$td/test$N.diff"
+ da="test$N $(date) $RANDOM"
+-CMD0="$TRACE $SOCAT $opts OPENSSL-LISTEN:$PORT,reuseaddr,ciphers=aNULL,verify=0, PIPE"
+-CMD1="$TRACE $SOCAT $opts - OPENSSL-CONNECT:$LOCALHOST:$PORT,bind=$LOCALHOST,ciphers=aNULL,verify=0"
+CMD0="$TRACE $SOCAT $opts OPENSSL-LISTEN:$PORT,reuseaddr,ciphers=aNULL:@SECLEVEL=0,verify=0, PIPE"
+CMD1="$TRACE $SOCAT $opts - OPENSSL-CONNECT:$LOCALHOST:$PORT,bind=$LOCALHOST,ciphers=aNULL:@SECLEVEL=0,verify=0"
+ printf "test $F_n $TEST... " $N
+ $CMD0 >/dev/null 2>"$te0" &
+ pid0=$!
+@@ -12191,8 +12191,8 @@ tf="$td/test$N.stdout"
+ te="$td/test$N.stderr"
+ tdiff="$td/test$N.diff"
+ da="test$N $(date) $RANDOM"
+-CMD0="$SOCAT $opts OPENSSL-LISTEN:$PORT,reuseaddr,cipher=aNULL,verify=0 SYSTEM:cat"
+-CMD1="$SOCAT $opts - OPENSSL-CONNECT:$LOCALHOST:$PORT,cipher=aNULL,verify=0"
+CMD0="$SOCAT $opts OPENSSL-LISTEN:$PORT,reuseaddr,cipher=aNULL:@SECLEVEL=0,verify=0 SYSTEM:cat"
+CMD1="$SOCAT $opts - OPENSSL-CONNECT:$LOCALHOST:$PORT,cipher=aNULL:@SECLEVEL=0,verify=0"
+ printf "test $F_n $TEST... " $N
+ $CMD0 >/dev/null 2>"${te}0" &
+ pid0=$!
+@@ -12302,8 +12302,8 @@ tf="$td/test$N.stdout"
+ te="$td/test$N.stderr"
+ tdiff="$td/test$N.diff"
+ da="test$N $(date) $RANDOM"
+-CMD0="$SOCAT $opts OPENSSL-LISTEN:$PORT,reuseaddr,method=$method,cipher=aNULL,verify=0 PIPE"
+-CMD1="$SOCAT $opts - OPENSSL-CONNECT:$LOCALHOST:$PORT,method=$method,cipher=aNULL,verify=0"
+CMD0="$SOCAT $opts OPENSSL-LISTEN:$PORT,reuseaddr,method=$method,cipher=aNULL:@SECLEVEL=0,verify=0 PIPE"
+CMD1="$SOCAT $opts - OPENSSL-CONNECT:$LOCALHOST:$PORT,method=$method,cipher=aNULL:@SECLEVEL=0,verify=0"
+ printf "test $F_n $TEST... " $N
+ if [ "$method" = DTLS1 -a "$(echo -e "$OPENSSL_VERSION\n1.0.2" |sort -V |tail -n 1)" = "$OPENSSL_VERSION_GOOD" ]; then
+     $PRINTF "${YELLOW}might hang, skipping${NORMAL}\n"
--- a/socat.changes
+++ b/socat.changes
@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Thu Aug 17 13:42:49 UTC 2017 - meissner@suse.com
+
+- socat-openssl-1.1-tests.patch: make tests work on openssl1. (bsc#1042674)
+
 -------------------------------------------------------------------
 Mon Apr 10 14:56:19 UTC 2017 - sweet_f_a@gmx.de

--- a/socat.spec
+++ b/socat.spec
@ -1,7 +1,7 @@
 #
 # spec file for package socat
 #
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 # Copyright (c) 2010 Pascal Bleser <pascal.bleser@opensuse.org>
 #
 # All modifications and additions to the file contributed by third parties
@ -42,6 +42,7 @@ Summary:        Multipurpose relay for bidirectional data transfer
 License:        SUSE-GPL-2.0-with-openssl-exception and MIT
 Group:          Productivity/Networking/Other
 Source:         http://www.dest-unreach.org/socat/download/%{name}-%{version}.tar.bz2
+Patch0:         socat-openssl-1.1-tests.patch
 Source1:        %{name}.changes
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build

@ -55,6 +56,10 @@ combination of two of these.

 %prep
 %setup
+if pkg-config --atleast-version=1.1 openssl 
+then
+%patch0 -p1
+fi

 %build
 # export deterministic BUILD_DATE, format like "__DATE__ __TIME__"