diff --git a/IO-Socket-SSL-1.58-dhe.patch b/IO-Socket-SSL-1.58-dhe.patch new file mode 100644 index 0000000..a38015f --- /dev/null +++ b/IO-Socket-SSL-1.58-dhe.patch @@ -0,0 +1,16 @@ +Fedora's openssl is patched to keep OPENSSL_VERSION_NUMBER stable +to give the appearance of ABI stability, which breaks tests like +this one; fortunately it's safe to roll back the version number +in a way that works with genuine 1.0.0 releases. + +--- IO-Socket-SSL/t/dhe.t ++++ IO-Socket-SSL/t/dhe.t +@@ -35,7 +35,7 @@ + # openssl 1.0.1(beta2) complains about the rsa key too small, unless + # we explicitly set version to tlsv1 or sslv3 + # unfortunatly the workaround fails for older openssl versions :( +- (Net::SSLeay::OPENSSL_VERSION_NUMBER() >= 0x10001000) ++ (Net::SSLeay::OPENSSL_VERSION_NUMBER() >= 0x10000000) + ? ( SSL_version => 'tlsv1' ):() + ) || do { + notok($!); diff --git a/perl-IO-Socket-SSL.spec b/perl-IO-Socket-SSL.spec index c6c0ab1..53bf32e 100644 --- a/perl-IO-Socket-SSL.spec +++ b/perl-IO-Socket-SSL.spec @@ -1,20 +1,19 @@ -# -# Rebuild switch: -# --with sessiontests enable session tests -# - Name: perl-IO-Socket-SSL -Version: 1.56 +Version: 1.58 Release: 1%{?dist} Summary: Perl library for transparent SSL Group: Development/Libraries License: GPL+ or Artistic URL: http://search.cpan.org/dist/IO-Socket-SSL/ Source0: http://search.cpan.org/CPAN/authors/id/S/SU/SULLR/IO-Socket-SSL-%{version}.tar.gz +Patch0: IO-Socket-SSL-1.58-dhe.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(id -nu) BuildArch: noarch -BuildRequires: perl(Carp), perl(ExtUtils::MakeMaker), perl(Test::Simple) -BuildRequires: perl(IO::Socket::INET6), perl(Net::LibIDN), perl(Net::SSLeay) >= 1.21 +BuildRequires: perl(Carp) +BuildRequires: perl(ExtUtils::MakeMaker) +BuildRequires: perl(IO::Socket::INET6) +BuildRequires: perl(Net::LibIDN) +BuildRequires: perl(Net::SSLeay) >= 1.21 BuildRequires: procps Requires: perl(:MODULE_COMPAT_%(eval "`perl -V:version`"; echo $version)) Requires: perl(Net::LibIDN) @@ -31,6 +30,11 @@ mod_perl. %prep %setup -q -n IO-Socket-SSL-%{version} +# Need to drop back the OPENSSL_VERSION_NUMBER value in the dhe.t workaround +# because OPENSSL_VERSION_NUMBER is patched in Fedora to look like 1.0.0 beta3 +# even though it's 1.0.1 beta2, which breaks the workaround +%patch0 -p1 + %build perl Makefile.PL INSTALLDIRS=vendor make %{?_smp_mflags} @@ -42,11 +46,7 @@ find %{buildroot} -type f -name .packlist -exec rm -f {} ';' %{_fixperms} %{buildroot} %check -# Avoid running the session tests (spawns servers, requires 3 free ports -# and possibly manual configuration). -%{?!_with_sessiontests:mv t/sessions.t{,.disable}} make test -%{?!_with_sessiontests:mv t/sessions.t{.disable,}} %clean rm -rf %{buildroot} @@ -58,6 +58,18 @@ rm -rf %{buildroot} %{_mandir}/man3/IO::Socket::SSL.3pm* %changelog +* Mon Feb 27 2012 Paul Howarth - 1.58-1 +- Update to 1.58 + - fix t/dhe.t for openssl 1.0.1 beta by forcing TLSv1, so that it does not + complain about the too small RSA key, which it should not use anyway; this + workaround is not applied for older openssl versions, where it would cause + failures (CPAN RT#75165) +- Add patch to fiddle the openssl version number in the t/dhe.t workaround + because the OPENSSL_VERSION_NUMBER cannot be trusted in Fedora +- One buildreq per line for readability +- Drop redundant buildreq perl(Test::Simple) +- Always run full test suite + * Wed Feb 22 2012 Paul Howarth - 1.56-1 - Update to 1.56 - add automatic or explicit (via SSL_hostname) SNI support, needed for diff --git a/sources b/sources index 86e2a81..4d7ce92 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -ecd27ecdae9b39bdf0dc252be9f8023b IO-Socket-SSL-1.56.tar.gz +c8c5dd8461afa74ce7a1e23fc96381ab IO-Socket-SSL-1.58.tar.gz