From 1d4584100562ec207452125a1c8291aaf9cd8806 Mon Sep 17 00:00:00 2001
From: Paul Howarth
Date: Sep 03 2022 12:03:01 +0000
Subject: Update to 2.075 - New upstream release 2.075 - Treat SSL_write returning 0 same as previously -1, as suggested by both OpenSSL and LibreSSL documentation - Propagate error from SSL_shutdown, unless the shutdown is caused by an outer SSL error, in which case keep the original error - Small test fixes - Use SPDX-format license tag
---
diff --git a/IO-Socket-SSL-2.074-use-system-default-SSL-version.patch b/IO-Socket-SSL-2.074-use-system-default-SSL-version.patch
deleted file mode 100644
index fda4dc5..0000000
--- a/IO-Socket-SSL-2.074-use-system-default-SSL-version.patch
+++ /dev/null
@@ -1,36 +0,0 @@
---- lib/IO/Socket/SSL.pm
-+++ lib/IO/Socket/SSL.pm
-@@ -197,7 +197,7 @@ if ( defined &Net::SSLeay::CTX_set_min_p
- # global defaults
- my %DEFAULT_SSL_ARGS = (
- SSL_check_crl => 0,
-- SSL_version => 'SSLv23:!SSLv3:!SSLv2', # consider both SSL3.0 and SSL2.0 as broken
-+ SSL_version => '',
- SSL_verify_callback => undef,
- SSL_verifycn_scheme => undef, # fallback cn verification
- SSL_verifycn_publicsuffix => undef, # fallback default list verification
-@@ -2386,7 +2386,7 @@ sub new {
-
- my $ssl_op = $DEFAULT_SSL_OP;
-
-- my $ver;
-+ my $ver = '';
- for (split(/\s*:\s*/,$arg_hash->{SSL_version})) {
- m{^(!?)(?:(SSL(?:v2|v3|v23|v2/3))|(TLSv1(?:_?[123])?))$}i
- or croak("invalid SSL_version specified");
---- lib/IO/Socket/SSL.pod
-+++ lib/IO/Socket/SSL.pod
-@@ -1043,11 +1043,12 @@ All values are case-insensitive. Instea
- 'TLSv1_3' one can also use 'TLSv11', 'TLSv12', and 'TLSv13'. Support for
- 'TLSv1_1', 'TLSv1_2', and 'TLSv1_3' requires recent versions of Net::SSLeay
- and openssl.
-+The default SSL_version is defined by the underlying cryptographic library.
-
- Independent from the handshake format you can limit to set of accepted SSL
- versions by adding !version separated by ':'.
-
--The default SSL_version is 'SSLv23:!SSLv3:!SSLv2' which means, that the
-+For example, 'SSLv23:!SSLv3:!SSLv2' means that the
- handshake format is compatible to SSL2.0 and higher, but that the successful
- handshake is limited to TLS1.0 and higher, that is no SSL2.0 or SSL3.0 because
- both of these versions have serious security issues and should not be used
diff --git a/IO-Socket-SSL-2.075-use-system-default-SSL-version.patch b/IO-Socket-SSL-2.075-use-system-default-SSL-version.patch
new file mode 100644
index 0000000..bee1a9d
--- /dev/null
+++ b/IO-Socket-SSL-2.075-use-system-default-SSL-version.patch
@@ -0,0 +1,36 @@
+--- lib/IO/Socket/SSL.pm
++++ lib/IO/Socket/SSL.pm
+@@ -197,7 +197,7 @@ if ( defined &Net::SSLeay::CTX_set_min_p
+ # global defaults
+ my %DEFAULT_SSL_ARGS = (
+ SSL_check_crl => 0,
+- SSL_version => 'SSLv23:!SSLv3:!SSLv2', # consider both SSL3.0 and SSL2.0 as broken
++ SSL_version => '',
+ SSL_verify_callback => undef,
+ SSL_verifycn_scheme => undef, # fallback cn verification
+ SSL_verifycn_publicsuffix => undef, # fallback default list verification
+@@ -2393,7 +2393,7 @@ sub new {
+
+ my $ssl_op = $DEFAULT_SSL_OP;
+
+- my $ver;
++ my $ver = '';
+ for (split(/\s*:\s*/,$arg_hash->{SSL_version})) {
+ m{^(!?)(?:(SSL(?:v2|v3|v23|v2/3))|(TLSv1(?:_?[123])?))$}i
+ or croak("invalid SSL_version specified");
+--- lib/IO/Socket/SSL.pod
++++ lib/IO/Socket/SSL.pod
+@@ -1043,11 +1043,12 @@ All values are case-insensitive. Instea
+ 'TLSv1_3' one can also use 'TLSv11', 'TLSv12', and 'TLSv13'. Support for
+ 'TLSv1_1', 'TLSv1_2', and 'TLSv1_3' requires recent versions of Net::SSLeay
+ and openssl.
++The default SSL_version is defined by the underlying cryptographic library.
+
+ Independent from the handshake format you can limit to set of accepted SSL
+ versions by adding !version separated by ':'.
+
+-The default SSL_version is 'SSLv23:!SSLv3:!SSLv2' which means, that the
++For example, 'SSLv23:!SSLv3:!SSLv2' means that the
+ handshake format is compatible to SSL2.0 and higher, but that the successful
+ handshake is limited to TLS1.0 and higher, that is no SSL2.0 or SSL3.0 because
+ both of these versions have serious security issues and should not be used
diff --git a/perl-IO-Socket-SSL.spec b/perl-IO-Socket-SSL.spec
index 047738a..a320877 100644
--- a/perl-IO-Socket-SSL.spec
+++ b/perl-IO-Socket-SSL.spec
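Review bot: In the SSL.pod part of this patch, the added sentence `The default SSL_version is defined by the underlying cryptographic library.` leaves out that IO::Socket::SSL no longer applies its own `!SSLv3:!SSLv2` exclusion by default, so the minimum protocol version is whatever the system library and its configuration allow. I would extend the POD with something like `With this default the module disables no protocol version itself; pass SSL_version explicitly, e.g. 'SSLv23:!SSLv3:!SSLv2', when a floor independent of the system configuration is required.` In the SSL.pm part, an empty `SSL_version` makes `split` return no elements, so the loop body and its `croak` validation never run and `$ver` stays `''`; a comment on that line such as `# '' = no version requested, protocol range left to the crypto library` would record the intent. How `$ver` is used afterwards lies below the hunk in `sub new`, so the effect on the handshake method is inferred from the POD text rather than visible here.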
@@ -6,14 +6,14 @@ %bcond_without perl_IO_Socket_SSL_test_IO_Socket_INET6 Name: perl-IO-Socket-SSL -Version: 2.074 -Release: 4%{?dist} +Version: 2.075 +Release: 1%{?dist} Summary: Perl library for transparent SSL -License: (GPL+ or Artistic) and MPLv2.0 +License: (GPL-1.0-or-later OR Artistic-1.0-Perl) AND MPL-2.0 URL: https://metacpan.org/release/IO-Socket-SSL Source0: https://cpan.metacpan.org/modules/by-module/IO/IO-Socket-SSL-%{version}.tar.gz Patch0: IO-Socket-SSL-2.074-use-system-default-cipher-list.patch -Patch1: IO-Socket-SSL-2.074-use-system-default-SSL-version.patch +Patch1: IO-Socket-SSL-2.075-use-system-default-SSL-version.patch # A test for Enable-Post-Handshake-Authentication-TLSv1.3-feature.patch, # bug #1632660, requires openssl tool Patch2: IO-Socket-SSL-2.066-Test-client-performs-Post-Handshake-Authentication.patch @@ -109,7 +109,7 @@ NO_NETWORK_TESTING=1 perl Makefile.PL \ make test %files -# GPL+ or Artistic +# GPL-1.0-or-later OR Artistic-1.0-Perl %doc BUGS Changes README docs/ example/ %dir %{perl_vendorlib}/IO/ %dir %{perl_vendorlib}/IO/Socket/ @@ -121,11 +121,20 @@ make test %{_mandir}/man3/IO::Socket::SSL.3* %{_mandir}/man3/IO::Socket::SSL::Intercept.3* %{_mandir}/man3/IO::Socket::SSL::Utils.3* -# MPLv2.0 +# MPL-2.0 %{perl_vendorlib}/IO/Socket/SSL/PublicSuffix.pm %{_mandir}/man3/IO::Socket::SSL::PublicSuffix.3* %changelog +* Sat Sep 3 2022 Paul Howarth - 2.075-1 +- Update to 2.075 + - Treat SSL_write returning 0 same as previously -1, as suggested by both + OpenSSL and LibreSSL documentation + - Propagate error from SSL_shutdown, unless the shutdown is caused by an outer + SSL error, in which case keep the original error + - Small test fixes +- Use SPDX-format license tag + * Fri Jul 22 2022 Fedora Release Engineering - 2.074-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild diff --git a/sources b/sources index 688393a..0fa65fa 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@
-SHA512 (IO-Socket-SSL-2.074.tar.gz) = cafbf11a986b8fb5ce06bdf1e7a83741e2eef74d4bf054f0e0cd490959eddf54d32d3d4e786de52750dccc07139d8a1b5d5979080d0f1c1464e0004ccf98a6b0
+SHA512 (IO-Socket-SSL-2.075.tar.gz) = ed693aa360e669401d5d2b81d988d6d2bd39f042452d7194cc8a7ec2dccf1dfa213ecb29572178a3abfdd20af999217d19a3d9a4c7978207a2edaac5148c9853