4 changed files with 182 additions and 67 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/Net-SSLeay-1.92.tar.gz
+SOURCES/Net-SSLeay-1.94.tar.gz
--- a/.perl-Net-SSLeay.metadata
+++ b/.perl-Net-SSLeay.metadata
@ -1 +1 @@
-03daf8b342ea57a9b1eef0689275ec99e5008e21 SOURCES/Net-SSLeay-1.92.tar.gz
+dd5b22da7d4214685dc54f3881370d26b6585dfb SOURCES/Net-SSLeay-1.94.tar.gz
--- a/SOURCES/Net-SSLeay-1.90-openssl3.0.0-tests-disable_TLS1_and_TLS1_1.patch
+++ b/SOURCES/Net-SSLeay-1.90-openssl3.0.0-tests-disable_TLS1_and_TLS1_1.patch
@ -1,12 +1,12 @@
-diff -ru Net-SSLeay-1.90.orig/t/local/44_sess.t Net-SSLeay-1.90/t/local/44_sess.t
+diff -up Net-SSLeay-1.94/t/local/44_sess.t.orig Net-SSLeay-1.94/t/local/44_sess.t
--- Net-SSLeay-1.90.orig/t/local/44_sess.t	2020-12-12 14:55:23.000000000 +0100
+--- Net-SSLeay-1.94/t/local/44_sess.t.orig	2024-06-17 15:55:57.760001634 +0200
-+++ Net-SSLeay-1.90/t/local/44_sess.t	2021-06-04 18:50:09.733150048 +0200
+++ Net-SSLeay-1.94/t/local/44_sess.t	2024-06-17 15:57:33.333795022 +0200
-@@ -13,13 +13,13 @@
+@@ -15,13 +15,13 @@ use English qw( $EVAL_ERROR $OSNAME $PER
 if (not can_fork()) {
     plan skip_all => "fork() not supported on this system";
 } else {
-    plan tests => 58;
+-    plan tests => 67;
-+    plan tests => 34;
+    plan tests => 39;
 }
 initialise_libssl();
@ -17,15 +17,15 @@ diff -ru Net-SSLeay-1.90.orig/t/local/44_sess.t Net-SSLeay-1.90/t/local/44_sess.
     TLSv1.3-num-tickets-ctx-6 TLSv1.3-num-tickets-ctx-0
 );
-diff -ru Net-SSLeay-1.90.orig/t/local/45_exporter.t Net-SSLeay-1.90/t/local/45_exporter.t
+diff -up Net-SSLeay-1.94/t/local/45_exporter.t.orig Net-SSLeay-1.94/t/local/45_exporter.t
--- Net-SSLeay-1.90.orig/t/local/45_exporter.t	2020-12-12 14:55:23.000000000 +0100
+--- Net-SSLeay-1.94/t/local/45_exporter.t.orig	2024-06-17 15:57:56.945991033 +0200
-+++ Net-SSLeay-1.90/t/local/45_exporter.t	2021-06-04 18:50:13.931192784 +0200
+++ Net-SSLeay-1.94/t/local/45_exporter.t	2024-06-17 16:00:55.358499773 +0200
-@@ -15,12 +15,12 @@
+@@ -16,12 +16,12 @@ if (not can_fork()) {
 } elsif (!defined &Net::SSLeay::export_keying_material) {
     plan skip_all => "No export_keying_material()";
 } else {
-    plan tests => 36;
+-    plan tests => 37;
-+    plan tests => 18;
+    plan tests => 19;
 }
 initialise_libssl();
--- a/SPECS/perl-Net-SSLeay.spec
+++ b/SPECS/perl-Net-SSLeay.spec
@ -5,14 +5,14 @@
 %endif
 Name:		perl-Net-SSLeay
-Version:	1.92
+Version:	1.94
-Release:	2%{?dist}
+Release:	6%{?dist}
 Summary:	Perl extension for using OpenSSL
-License:	Artistic 2.0
+License:	Artistic-2.0
 URL:		https://metacpan.org/release/Net-SSLeay
 Source0:	https://cpan.metacpan.org/modules/by-module/Net/Net-SSLeay-%{version}.tar.gz
-Patch1:		Net-SSLeay-1.90-pkgconfig.patch
+Patch10:	Net-SSLeay-1.90-pkgconfig.patch
-Patch2:		Net-SSLeay-1.90-openssl3.0.0-tests-disable_TLS1_and_TLS1_1.patch
+Patch11:	Net-SSLeay-1.90-openssl3.0.0-tests-disable_TLS1_and_TLS1_1.patch
 # =========== Module Build ===========================
 BuildRequires:	coreutils
 BuildRequires:	findutils
@ -24,7 +24,6 @@ BuildRequires:	perl-devel
 BuildRequires:	perl-generators
 BuildRequires:	perl-interpreter
 BuildRequires:	perl(constant)
 BuildRequires:	perl(Cwd)
 BuildRequires:	perl(English)
 BuildRequires:	perl(ExtUtils::MakeMaker) >= 6.76
 BuildRequires:	perl(ExtUtils::PkgConfig)
@ -38,41 +37,49 @@ BuildRequires:	perl(utf8)
 # =========== Module Runtime =========================
 BuildRequires:	perl(AutoLoader)
 BuildRequires:	perl(Carp)
 BuildRequires:	perl(Errno)
 BuildRequires:	perl(Exporter)
 BuildRequires:	perl(MIME::Base64)
 BuildRequires:	perl(Socket)
 BuildRequires:	perl(vars)
 BuildRequires:	perl(XSLoader)
 # =========== Test Suite =============================
 BuildRequires:	perl(base)
 BuildRequires:	perl(Config)
 BuildRequires:	perl(Cwd)
 BuildRequires:	perl(File::Spec)
 BuildRequires:	perl(FindBin)
 BuildRequires:	perl(HTTP::Tiny)
 BuildRequires:	perl(IO::Handle)
 BuildRequires:	perl(IO::Socket::INET)
 BuildRequires:	perl(lib)
 BuildRequires:	perl(Scalar::Util)
 BuildRequires:	perl(SelectSaver)
 BuildRequires:	perl(Storable)
 BuildRequires:	perl(strict)
 BuildRequires:	perl(Test::Builder)
 BuildRequires:	perl(Test::More) >= 0.61
 BuildRequires:	perl(threads)
 BuildRequires:	perl(warnings)
-# =========== Optional Test Suite ====================
+# =========== Optional Tests =========================
 %if %{with perl_Net_SSLeay_enables_optional_test}
-BuildRequires:	perl(Test::Exception)
+BuildRequires:	perl(Crypt::OpenSSL::Bignum)
 # Test::Kwalitee 1.00 not used
-BuildRequires:	perl(Test::NoWarnings)
+BuildRequires:	perl(Test::Pod) >= 1.41
 BuildRequires:	perl(Test::Pod) >= 1.0
 # Test::Pod::Coverage 1.00 not used
 BuildRequires:	perl(Test::Warn)
 %endif
-# =========== Module Runtime =========================
+# =========== Module Dependencies ====================
 Requires:	perl(:MODULE_COMPAT_%(eval "`perl -V:version`"; echo $version))
 Requires:	perl(MIME::Base64)
 Requires:	perl(XSLoader)
 # Don't "provide" private Perl libs or the redundant unversioned perl(Net::SSLeay) provide
 %global __provides_exclude ^(perl\\(Net::SSLeay\\)$|SSLeay\\.so)
 # Filter modules bundled for tests
 %global __provides_exclude_from %{?__provides_exclude_from:%__provides_exclude_from|}^%{_libexecdir}
 %global __requires_exclude %{?__requires_exclude:%__requires_exclude|}^perl\\(Test::Net::SSLeay.*\\)
 %global __requires_exclude %{__requires_exclude}|^perl\\(Net::PcapWriter\\)
 %description
 This module offers some high level convenience functions for accessing
 web pages on SSL servers (for symmetry, same API is offered for
@ -80,26 +87,41 @@ accessing http servers, too), a sslcat() function for writing your own
 clients, and finally access to the SSL API of SSLeay/OpenSSL package
 so you can write servers or clients for more complicated applications.
 %package tests
 Summary:        Tests for %{name}
 Requires:       %{name} = %{?epoch:%{epoch}:}%{version}-%{release}
 Requires:       perl-Test-Harness
 %description tests
 Tests from %{name}. Execute them
 with "%{_libexecdir}/%{name}/test".
 %prep
 %setup -q -n Net-SSLeay-%{version}
 # Get libraries to link against from pkg-config
 # https://github.com/radiator-software/p5-net-ssleay/pull/127
-%patch1
+%patch -P 10
 # Disable TLS1 and TLS1_1 from tests
-%patch2 -p1
+%patch -P 11 -p1
 # Fix permissions in examples to avoid bogus doc-file dependencies
 chmod -c 644 examples/*
 # Help generators to recognize Perl scripts
 for F in `find t -name *.t -o -name *.pl`; do
    perl -i -MConfig -ple 'print $Config{startperl} if $. == 1 && !s{\A#!.*perl\b}{$Config{startperl}}' "$F"
    chmod +x "$F"
 done
 %build
 unset OPENSSL_PREFIX
 PERL_MM_USE_DEFAULT=1 perl Makefile.PL \
 	INSTALLDIRS=vendor \
 	NO_PACKLIST=1 \
 	NO_PERLLOCAL=1 \
-	OPTIMIZE="%{optflags}" </dev/null
+	OPTIMIZE="%{optflags} -DOPENSSL_NO_ENGINE" < /dev/null
 %{make_build}
 %install
@ -110,6 +132,20 @@ find %{buildroot} -type f -name '*.bs' -empty -delete
 # Remove script we don't want packaged
 rm -f %{buildroot}%{perl_vendorarch}/Net/ptrtstrun.pl
 # Install tests
 mkdir -p %{buildroot}%{_libexecdir}/%{name}
 cp -a t inc %{buildroot}%{_libexecdir}/%{name}
 rm %{buildroot}%{_libexecdir}/%{name}/t/external/ocsp.t
 rm %{buildroot}%{_libexecdir}/%{name}/t/local/kwalitee.t
 rm %{buildroot}%{_libexecdir}/%{name}/t/local/02_pod_coverage.t
 cat > %{buildroot}%{_libexecdir}/%{name}/test << 'EOF'
 #!/bin/sh
 unset RELEASE_TESTING
 cd %{_libexecdir}/%{name} && exec prove -I . -r -j "$(getconf _NPROCESSORS_ONLN)"
 EOF
 chmod +x %{buildroot}%{_libexecdir}/%{name}/test
 %check
 unset RELEASE_TESTING
 OPENSSL_ENABLE_SHA1_SIGNATURES=1 make test
@ -125,45 +161,124 @@ OPENSSL_ENABLE_SHA1_SIGNATURES=1 make test
 %{_mandir}/man3/Net::SSLeay.3*
 %{_mandir}/man3/Net::SSLeay::Handle.3*
-%changelog
+%files tests
-* Wed Jul 27 2022 Jitka Plesnikova <jplesnik@redhat.com> - 1.92-2
+%{_libexecdir}/%{name}
 - Enable using SHA1 for tests
 - Resolves: rhbz#2107670
-* Wed Jan 26 2022 Michal Josef Špaček <mspacek@redhat.com> - 1.92-1
+%changelog
 * Tue Nov 26 2024 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 1.94-6
 - Rebuilt for MSVSphere 10
 * Thu Aug 08 2024 Troy Dawson <tdawson@redhat.com> - 1.94-6
 - Bump release for Aug 2024 java mass rebuild
 * Tue Jul 02 2024 Jitka Plesnikova <jplesnik@redhat.com> - 1.94-5
 - Resolves: RHEL-33744 - Stop using OpenSSL ENGINE API
 - Package tests
 * Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 1.94-4
 - Bump release for June 2024 mass rebuild
 * Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.94-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
 * Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.94-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
 * Mon Jan  8 2024 Paul Howarth <paul@city-fan.org> - 1.94-1
 - Update to 1.94
  - Net::SSLeay now officially supports all stable releases of OpenSSL 3.1 and
    3.2, and LibreSSL 3.5-3.8
  - Many noisy compiler warnings have been silenced - if SSLeay.xs fails to
    compile, it should now be much easier to identify the cause
  - libcrypto's OPENSSL_init_crypto() function and libssl's OPENSSL_init_ssl()
    function are now exposed, enabling fine-grained control over the
    initialisation and configuration of both libraries
  - libssl functions implementing TLS 1.3 PSK authentication are now exposed,
    in particular SSL_CTX_set_psk_find_session_callback() (on the server side)
    and SSL_CTX_set_psk_use_session_callback() (on the client side)
  - libssl functions implementing server-side TLS 1.2 PSK authentication are
    now exposed, in particular SSL_CTX_set_psk_server_callback()
  - libssl's SSL_CTX_set_client_hello_cb() function is now exposed, allowing a
    TLS server to set a callback function that is executed when the server
    processes a ClientHello message
  - Many more libcrypto/libssl constants and functions are now exposed; see the
    release notes for the 1.93 developer releases for a full list
 * Thu Aug  3 2023 Paul Howarth <paul@city-fan.org> - 1.92-10
 - Rebuild for OpenSSL 3.1.1 in Rawhide
 * Fri Jul 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.92-9
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
 * Tue Jul 11 2023 Jitka Plesnikova <jplesnik@redhat.com> - 1.92-8
 - Perl 5.38 rebuild
 * Thu Apr  6 2023 Paul Howarth <paul@city-fan.org> - 1.92-7
 - Update test suite to handle potential unavailability of sha1 algorithm
  https://github.com/radiator-software/p5-net-ssleay/pull/433
 - Avoid deprecated patch syntax
 * Fri Mar 17 2023 Michal Josef Špaček <mspacek@redhat.com> - 1.92-6
 - Update license to SPDX format
 * Fri Jan 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.92-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
 * Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.92-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
 * Tue May 31 2022 Jitka Plesnikova <jplesnik@redhat.com> - 1.92-3
 - Perl 5.36 rebuild
 * Fri Jan 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.92-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
 * Thu Jan 13 2022 Paul Howarth <paul@city-fan.org> - 1.92-1
 - Update to 1.92
-
+  - Net::SSLeay now supports stable releases of OpenSSL 3.0
-* Wed Aug 11 2021 Michal Josef Špaček <mspacek@redhat.com> - 1.90-8
+    - OpenSSL 3.0.0 introduces the concept of "providers", which contain
- Fix tests for openssl 3.0.0-beta2. rhbz#1992571
+      cryptographic algorithm implementations; many outdated, deprecated
-  - Add another fix for t/05_passwd_cb.t, because change in passphrase caching
+      and/or insecure algorithms have been moved to the "legacy" provider,
- Remove XXX in spec file
+      which may need to be loaded explicitly in order to use them with
-
+      Net::SSLeay (see "Low level API: OSSL_LIB_CTX and OSSL_PROVIDER
-* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.90-7
+      related functions" in the Net::SSLeay module documentation for details)
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+    - Net::SSLeay's built-in PEM_get_string_PrivateKey() function depends on
-  Related: rhbz#1991688
+      algorithms that have moved to the legacy provider described above; if
-
+      OpenSSL has been compiled without the legacy provider, the tests
-* Fri Jul 23 2021 Michal Josef Špaček <mspacek@redhat.com> - 1.90-6
+      t/local/33_x509_create_cert.t and t/local/63_ec_key_generate_key.t will
- Fix tests for openssl 3.0.0-beta1. rhbz#1964854
+      fail when the test suite is run
-  - Add fix for t/05_passwd_cb.t
+    - TLS 1.1 and below may only be used at security level 0 as of OpenSSL
-  - Update Net-SSLeay-1.90-openssl3.0.0-43_misc_functions.patch to accept beta version
+      3.0.0; if a minimum required security level is imposed (e.g. in an
- Fix tab vs space in spec file
+      OpenSSL configuration file managed by the operating system), the tests
- Update Net-SSLeay-1.90-openssl3.0.0-39_pkcs12.patch patch to upstream version
+      t/local/44_sess.t and t/local/45_exporter.t will fail when the test
-
+      suite is run
-* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.90-5
+  - Net::SSLeay now supports stable releases of LibreSSL from the 3.2-3.4
- Rebuilt for RHEL 9 BETA for openssl 3.0
+    series (with the exception of 3.2.2 and 3.2.3 - see "COMPATIBILITY" in
-  Related: rhbz#1971065
+    the Net::SSLeay module documentation for details)
-
+    - The TLS 1.3 implementation in LibreSSL 3.1-3.3, parts of which are
-* Fri Jun 04 2021 Michal Josef Špaček <mspacek@redhat.com> - 1.90-4
+      enabled by default, is not fully compatible with the libssl API and may
- Fix tests for openssl 3.0.0-alpha16. rhbz#1964854
+      not function as expected with Net::SSLeay; see "KNOWN BUGS AND CAVEATS"
-  - Fix check across alpha1 vs alpha17
+      in the Net::SSLeay module documentation for details
-  - Change default alg for PEM_get_string_PrivateKey()
+  - A number of new libcrypto/libssl constants and functions are now exposed,
-  - Different order in CA chain in some versions
+    including SSL_CTX_set_keylog_callback() and SSL_CTX_set_msg_callback(),
-  - Changed API of CTX_set_ciphersuites() and set_ciphersuites(), ignore
+    which are helpful when debugging TLS handshakes; see the release notes
-    unknown ciphers
+    for the 1.91 developer releases (in the Changes file) for a full list of
-  - Disable TLSv1 and TLSv1_1 usage in test
+    newly-exposed constants and functions
-
+
-* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.90-3
+* Tue Oct  5 2021 Paul Howarth <paul@city-fan.org> - 1.90-7
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+- Fixes for OpenSSL 3.0.0 are now entirely from upstream
 * Wed Sep 15 2021 Paul Howarth <paul@city-fan.org> - 1.90-6
 - Add fixes (mainly from upstream) for OpenSSL 3.0.0
 * Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 1.90-5
 - Rebuilt with OpenSSL 3.0.0
 * Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.90-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
 * Fri May 21 2021 Jitka Plesnikova <jplesnik@redhat.com> - 1.90-3
 - Perl 5.34 rebuild
 * Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.90-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
`@ -1 +1 @@`
	`SOURCES/Net-SSLeay-1.92.tar.gz`	`SOURCES/Net-SSLeay-1.94.tar.gz`
`@ -1 +1 @@`
	`03daf8b342ea57a9b1eef0689275ec99e5008e21 SOURCES/Net-SSLeay-1.92.tar.gz`	`dd5b22da7d4214685dc54f3881370d26b6585dfb SOURCES/Net-SSLeay-1.94.tar.gz`