From 9e853f9c54970997bb856490f04738c664eb5b40bd85d250ed42213fdef2a822 Mon Sep 17 00:00:00 2001
From: Marcus Meissner
Date: Thu, 17 Aug 2017 15:39:34 +0000
Subject: [PATCH] Accepting request 517388 from home:msmeissn:branches:network:utilities
- socat-openssl-1.1-tests.patch: make tests work on openssl1. (bsc#1042674)
OBS-URL: https://build.opensuse.org/request/show/517388
OBS-URL: https://build.opensuse.org/package/show/network:utilities/socat?expand=0&rev=40
---
socat-openssl-1.1-tests.patch | 55 +++++++++++++++++++++++++++++++++++
socat.changes | 5 ++++
socat.spec | 7 ++++-
3 files changed, 66 insertions(+), 1 deletion(-)
create mode 100644 socat-openssl-1.1-tests.patch
diff --git a/socat-openssl-1.1-tests.patch b/socat-openssl-1.1-tests.patch
new file mode 100644
index 0000000..f238e5b
--- /dev/null
+++ b/socat-openssl-1.1-tests.patch
@@ -0,0 +1,55 @@
+OpenSSL 1.1 introduces the concept of security levels, in attempt to prevent
+users from accidently setting insecure ciphers.
+aNULL ciphers are considered insecure and are only allowed in Security Level 0.
+The default Security Level is 1.
+Unfortunately a cipher string featuring @SECLEVEL=0 is not accepted in older
+OpenSSL versions, thus this patch should be applied to newer distributions only.
+
+Index: socat-1.7.3.2/test.sh
+===================================================================
+--- socat-1.7.3.2.orig/test.sh 2017-01-22 19:07:10.000000000 +0100
++++ socat-1.7.3.2/test.sh 2017-08-17 12:36:50.809352091 +0200
+@@ -11227,8 +11227,8 @@ tf="$td/test$N.stdout"
+ te="$td/test$N.stderr"
+ tdiff="$td/test$N.diff"
+ da="test$N $(date) $RANDOM"
+-CMD2="$TRACE $SOCAT $opts OPENSSL-LISTEN:$PORT,reuseaddr,$SOCAT_EGD,ciphers=aNULL,verify=0 pipe"
+-CMD="$TRACE $SOCAT $opts - openssl:$LOCALHOST:$PORT,ciphers=aNULL,verify=0,$SOCAT_EGD"
++CMD2="$TRACE $SOCAT $opts OPENSSL-LISTEN:$PORT,reuseaddr,$SOCAT_EGD,ciphers=aNULL:@SECLEVEL=0,verify=0 pipe"
++CMD="$TRACE $SOCAT $opts - openssl:$LOCALHOST:$PORT,ciphers=aNULL:@SECLEVEL=0,verify=0,$SOCAT_EGD"
+ printf "test $F_n $TEST... " $N
+ eval "$CMD2 2>\"${te}1\" &"
+ pid=$! # background process id
+@@ -11632,8 +11632,8 @@ tf1="$td/test$N.1.stdout"
+ te1="$td/test$N.1.stderr"
+ tdiff="$td/test$N.diff"
+ da="test$N $(date) $RANDOM"
+-CMD0="$TRACE $SOCAT $opts OPENSSL-LISTEN:$PORT,reuseaddr,ciphers=aNULL,verify=0, PIPE"
+-CMD1="$TRACE $SOCAT $opts - OPENSSL-CONNECT:$LOCALHOST:$PORT,bind=$LOCALHOST,ciphers=aNULL,verify=0"
++CMD0="$TRACE $SOCAT $opts OPENSSL-LISTEN:$PORT,reuseaddr,ciphers=aNULL:@SECLEVEL=0,verify=0, PIPE"
++CMD1="$TRACE $SOCAT $opts - OPENSSL-CONNECT:$LOCALHOST:$PORT,bind=$LOCALHOST,ciphers=aNULL:@SECLEVEL=0,verify=0"
+ printf "test $F_n $TEST... " $N
+ $CMD0 >/dev/null 2>"$te0" &
+ pid0=$!
+@@ -12191,8 +12191,8 @@ tf="$td/test$N.stdout"
+ te="$td/test$N.stderr"
+ tdiff="$td/test$N.diff"
+ da="test$N $(date) $RANDOM"
+-CMD0="$SOCAT $opts OPENSSL-LISTEN:$PORT,reuseaddr,cipher=aNULL,verify=0 SYSTEM:cat"
+-CMD1="$SOCAT $opts - OPENSSL-CONNECT:$LOCALHOST:$PORT,cipher=aNULL,verify=0"
++CMD0="$SOCAT $opts OPENSSL-LISTEN:$PORT,reuseaddr,cipher=aNULL:@SECLEVEL=0,verify=0 SYSTEM:cat"
++CMD1="$SOCAT $opts - OPENSSL-CONNECT:$LOCALHOST:$PORT,cipher=aNULL:@SECLEVEL=0,verify=0"
+ printf "test $F_n $TEST... " $N
+ $CMD0 >/dev/null 2>"${te}0" &
+ pid0=$!
+@@ -12302,8 +12302,8 @@ tf="$td/test$N.stdout"
+ te="$td/test$N.stderr"
+ tdiff="$td/test$N.diff"
+ da="test$N $(date) $RANDOM"
+-CMD0="$SOCAT $opts OPENSSL-LISTEN:$PORT,reuseaddr,method=$method,cipher=aNULL,verify=0 PIPE"
+-CMD1="$SOCAT $opts - OPENSSL-CONNECT:$LOCALHOST:$PORT,method=$method,cipher=aNULL,verify=0"
++CMD0="$SOCAT $opts OPENSSL-LISTEN:$PORT,reuseaddr,method=$method,cipher=aNULL:@SECLEVEL=0,verify=0 PIPE"
++CMD1="$SOCAT $opts - OPENSSL-CONNECT:$LOCALHOST:$PORT,method=$method,cipher=aNULL:@SECLEVEL=0,verify=0"
+ printf "test $F_n $TEST... " $N
+ if [ "$method" = DTLS1 -a "$(echo -e "$OPENSSL_VERSION\n1.0.2" |sort -V |tail -n 1)" = "$OPENSSL_VERSION_GOOD" ]; then
+ $PRINTF "${YELLOW}might hang, skipping${NORMAL}\n"
diff --git a/socat.changes b/socat.changes
index 1416bef..3bdfdd7 100644
--- a/socat.changes
+++ b/socat.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Thu Aug 17 13:42:49 UTC 2017 - meissner@suse.com
+
+- socat-openssl-1.1-tests.patch: make tests work on openssl1. (bsc#1042674)
+
 -------------------------------------------------------------------
 Mon Apr 10 14:56:19 UTC 2017 - sweet_f_a@gmx.de
diff --git a/socat.spec b/socat.spec
index dbbf7ae..bed2574 100644
--- a/socat.spec
+++ b/socat.spec
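Review bot: In socat-openssl-1.1-tests.patch, the four test.sh hunks (at lines 11227, 11632, 12191 and 12302) hard-code `aNULL:@SECLEVEL=0`, so the tests are only correct when the spec applies the patch against OpenSSL 1.1 or newer, as the patch header itself says. The context of the last hunk shows test.sh already compares `$OPENSSL_VERSION` with `sort -V`, so the suffix could be computed once in test.sh and used as `ciphers=aNULL$SECLEVEL0` (variable name is a suggestion), which would work on every OpenSSL version and remove the repeated literal. A comment at each site such as `# aNULL + verify=0 is unauthenticated TLS, loopback self-test only; @SECLEVEL=0 is required on OpenSSL >= 1.1` would also keep these strings from being copied into real configurations. How `$OPENSSL_VERSION` is set lies outside the hunks.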
@@ -1,7 +1,7 @@
 #
 # spec file for package socat
 #
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 # Copyright (c) 2010 Pascal Bleser
 #
 # All modifications and additions to the file contributed by third parties
@@ -42,6 +42,7 @@ Summary: Multipurpose relay for bidirectional data transfer
 License: SUSE-GPL-2.0-with-openssl-exception and MIT
 Group: Productivity/Networking/Other
 Source: http://www.dest-unreach.org/socat/download/%{name}-%{version}.tar.bz2
+Patch0: socat-openssl-1.1-tests.patch
 Source1: %{name}.changes
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -55,6 +56,10 @@ combination of two of these.
 %prep
 %setup
+if pkg-config --atleast-version=1.1 openssl
+then
+%patch0 -p1
+fi
 %build
 # export deterministic BUILD_DATE, format like "__DATE__ __TIME__"
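Review bot: The `if pkg-config --atleast-version=1.1 openssl` guard added to `%prep` in socat.spec cannot tell "OpenSSL is older than 1.1" from "pkg-config or openssl.pc is not installed in the build root": both return non-zero and the patch is skipped without any message. On an OpenSSL 1.1 build root that lacks the .pc file, any run of test.sh would then use the unpatched cipher strings and fail in a way that is hard to trace back to this guard. The BuildRequires section is outside the hunk; if it does not already pull it in, `BuildRequires: pkgconfig(openssl)` would make the check reliable. A comment above the guard such as `# test-only patch: sets @SECLEVEL=0 for the aNULL self-tests, accepted only by OpenSSL >= 1.1` would document why it is conditional and that it does not change the shipped binary.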