4 changed files with 179 additions and 67 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/Net-SSLeay-1.92.tar.gz
+SOURCES/Net-SSLeay-1.94.tar.gz
--- a/.perl-Net-SSLeay.metadata
+++ b/.perl-Net-SSLeay.metadata
@ -1 +1 @@
-03daf8b342ea57a9b1eef0689275ec99e5008e21 SOURCES/Net-SSLeay-1.92.tar.gz
+dd5b22da7d4214685dc54f3881370d26b6585dfb SOURCES/Net-SSLeay-1.94.tar.gz
--- a/SOURCES/Net-SSLeay-1.90-openssl3.0.0-tests-disable_TLS1_and_TLS1_1.patch
+++ b/SOURCES/Net-SSLeay-1.90-openssl3.0.0-tests-disable_TLS1_and_TLS1_1.patch
@ -1,12 +1,12 @@
-diff -ru Net-SSLeay-1.90.orig/t/local/44_sess.t Net-SSLeay-1.90/t/local/44_sess.t
--- Net-SSLeay-1.90.orig/t/local/44_sess.t	2020-12-12 14:55:23.000000000 +0100
-+++ Net-SSLeay-1.90/t/local/44_sess.t	2021-06-04 18:50:09.733150048 +0200
-@@ -13,13 +13,13 @@
+diff -up Net-SSLeay-1.94/t/local/44_sess.t.orig Net-SSLeay-1.94/t/local/44_sess.t
+--- Net-SSLeay-1.94/t/local/44_sess.t.orig	2024-06-17 15:55:57.760001634 +0200
+++ Net-SSLeay-1.94/t/local/44_sess.t	2024-06-17 15:57:33.333795022 +0200
+@@ -15,13 +15,13 @@ use English qw( $EVAL_ERROR $OSNAME $PER
 if (not can_fork()) {
     plan skip_all => "fork() not supported on this system";
 } else {
-    plan tests => 58;
-+    plan tests => 34;
+-    plan tests => 67;
+    plan tests => 39;
 }
 
 initialise_libssl();
@ -17,15 +17,15 @@ diff -ru Net-SSLeay-1.90.orig/t/local/44_sess.t Net-SSLeay-1.90/t/local/44_sess.
     TLSv1.3-num-tickets-ctx-6 TLSv1.3-num-tickets-ctx-0
 );
 
-diff -ru Net-SSLeay-1.90.orig/t/local/45_exporter.t Net-SSLeay-1.90/t/local/45_exporter.t
--- Net-SSLeay-1.90.orig/t/local/45_exporter.t	2020-12-12 14:55:23.000000000 +0100
-+++ Net-SSLeay-1.90/t/local/45_exporter.t	2021-06-04 18:50:13.931192784 +0200
-@@ -15,12 +15,12 @@
+diff -up Net-SSLeay-1.94/t/local/45_exporter.t.orig Net-SSLeay-1.94/t/local/45_exporter.t
+--- Net-SSLeay-1.94/t/local/45_exporter.t.orig	2024-06-17 15:57:56.945991033 +0200
+++ Net-SSLeay-1.94/t/local/45_exporter.t	2024-06-17 16:00:55.358499773 +0200
+@@ -16,12 +16,12 @@ if (not can_fork()) {
 } elsif (!defined &Net::SSLeay::export_keying_material) {
     plan skip_all => "No export_keying_material()";
 } else {
-    plan tests => 36;
-+    plan tests => 18;
+-    plan tests => 37;
+    plan tests => 19;
 }
 
 initialise_libssl();
--- a/SPECS/perl-Net-SSLeay.spec
+++ b/SPECS/perl-Net-SSLeay.spec
@ -5,14 +5,14 @@
 %endif

 Name:		perl-Net-SSLeay
-Version:	1.92
-Release:	2%{?dist}
+Version:	1.94
+Release:	6%{?dist}
 Summary:	Perl extension for using OpenSSL
-License:	Artistic 2.0
+License:	Artistic-2.0
 URL:		https://metacpan.org/release/Net-SSLeay
 Source0:	https://cpan.metacpan.org/modules/by-module/Net/Net-SSLeay-%{version}.tar.gz
-Patch1:		Net-SSLeay-1.90-pkgconfig.patch
-Patch2:		Net-SSLeay-1.90-openssl3.0.0-tests-disable_TLS1_and_TLS1_1.patch
+Patch10:	Net-SSLeay-1.90-pkgconfig.patch
+Patch11:	Net-SSLeay-1.90-openssl3.0.0-tests-disable_TLS1_and_TLS1_1.patch
 # =========== Module Build ===========================
 BuildRequires:	coreutils
 BuildRequires:	findutils
@ -24,7 +24,6 @@ BuildRequires:	perl-devel
 BuildRequires:	perl-generators
 BuildRequires:	perl-interpreter
 BuildRequires:	perl(constant)
-BuildRequires:	perl(Cwd)
 BuildRequires:	perl(English)
 BuildRequires:	perl(ExtUtils::MakeMaker) >= 6.76
 BuildRequires:	perl(ExtUtils::PkgConfig)
@ -38,41 +37,49 @@ BuildRequires:	perl(utf8)
 # =========== Module Runtime =========================
 BuildRequires:	perl(AutoLoader)
 BuildRequires:	perl(Carp)
+BuildRequires:	perl(Errno)
 BuildRequires:	perl(Exporter)
 BuildRequires:	perl(MIME::Base64)
 BuildRequires:	perl(Socket)
+BuildRequires:	perl(vars)
 BuildRequires:	perl(XSLoader)
 # =========== Test Suite =============================
+BuildRequires:	perl(base)
 BuildRequires:	perl(Config)
+BuildRequires:	perl(Cwd)
 BuildRequires:	perl(File::Spec)
 BuildRequires:	perl(FindBin)
 BuildRequires:	perl(HTTP::Tiny)
 BuildRequires:	perl(IO::Handle)
 BuildRequires:	perl(IO::Socket::INET)
 BuildRequires:	perl(lib)
+BuildRequires:	perl(Scalar::Util)
+BuildRequires:	perl(SelectSaver)
 BuildRequires:	perl(Storable)
 BuildRequires:	perl(strict)
 BuildRequires:	perl(Test::Builder)
 BuildRequires:	perl(Test::More) >= 0.61
 BuildRequires:	perl(threads)
 BuildRequires:	perl(warnings)
-# =========== Optional Test Suite ====================
+# =========== Optional Tests =========================
 %if %{with perl_Net_SSLeay_enables_optional_test}
-BuildRequires:	perl(Test::Exception)
+BuildRequires:	perl(Crypt::OpenSSL::Bignum)
 # Test::Kwalitee 1.00 not used
-BuildRequires:	perl(Test::NoWarnings)
-BuildRequires:	perl(Test::Pod) >= 1.0
+BuildRequires:	perl(Test::Pod) >= 1.41
 # Test::Pod::Coverage 1.00 not used
-BuildRequires:	perl(Test::Warn)
 %endif
-# =========== Module Runtime =========================
-Requires:	perl(:MODULE_COMPAT_%(eval "`perl -V:version`"; echo $version))
+# =========== Module Dependencies ====================
 Requires:	perl(MIME::Base64)
 Requires:	perl(XSLoader)

 # Don't "provide" private Perl libs or the redundant unversioned perl(Net::SSLeay) provide
 %global __provides_exclude ^(perl\\(Net::SSLeay\\)$|SSLeay\\.so)

+# Filter modules bundled for tests
+%global __provides_exclude_from %{?__provides_exclude_from:%__provides_exclude_from|}^%{_libexecdir}
+%global __requires_exclude %{?__requires_exclude:%__requires_exclude|}^perl\\(Test::Net::SSLeay.*\\)
+%global __requires_exclude %{__requires_exclude}|^perl\\(Net::PcapWriter\\)
+
 %description
 This module offers some high level convenience functions for accessing
 web pages on SSL servers (for symmetry, same API is offered for
@ -80,26 +87,41 @@ accessing http servers, too), a sslcat() function for writing your own
 clients, and finally access to the SSL API of SSLeay/OpenSSL package
 so you can write servers or clients for more complicated applications.

+%package tests
+Summary:        Tests for %{name}
+Requires:       %{name} = %{?epoch:%{epoch}:}%{version}-%{release}
+Requires:       perl-Test-Harness
+
+%description tests
+Tests from %{name}. Execute them
+with "%{_libexecdir}/%{name}/test".
+
 %prep
 %setup -q -n Net-SSLeay-%{version}

 # Get libraries to link against from pkg-config
 # https://github.com/radiator-software/p5-net-ssleay/pull/127
-%patch1
+%patch -P 10

 # Disable TLS1 and TLS1_1 from tests
-%patch2 -p1
+%patch -P 11 -p1

 # Fix permissions in examples to avoid bogus doc-file dependencies
 chmod -c 644 examples/*

+# Help generators to recognize Perl scripts
+for F in `find t -name *.t -o -name *.pl`; do
+    perl -i -MConfig -ple 'print $Config{startperl} if $. == 1 && !s{\A#!.*perl\b}{$Config{startperl}}' "$F"
+    chmod +x "$F"
+done
+
 %build
 unset OPENSSL_PREFIX
 PERL_MM_USE_DEFAULT=1 perl Makefile.PL \
 	INSTALLDIRS=vendor \
 	NO_PACKLIST=1 \
 	NO_PERLLOCAL=1 \
-	OPTIMIZE="%{optflags}" </dev/null
+	OPTIMIZE="%{optflags} -DOPENSSL_NO_ENGINE" < /dev/null
 %{make_build}

 %install
@ -110,6 +132,20 @@ find %{buildroot} -type f -name '*.bs' -empty -delete
 # Remove script we don't want packaged
 rm -f %{buildroot}%{perl_vendorarch}/Net/ptrtstrun.pl

+# Install tests
+mkdir -p %{buildroot}%{_libexecdir}/%{name}
+cp -a t inc %{buildroot}%{_libexecdir}/%{name}
+rm %{buildroot}%{_libexecdir}/%{name}/t/external/ocsp.t
+rm %{buildroot}%{_libexecdir}/%{name}/t/local/kwalitee.t
+rm %{buildroot}%{_libexecdir}/%{name}/t/local/02_pod_coverage.t
+
+cat > %{buildroot}%{_libexecdir}/%{name}/test << 'EOF'
+#!/bin/sh
+unset RELEASE_TESTING
+cd %{_libexecdir}/%{name} && exec prove -I . -r -j "$(getconf _NPROCESSORS_ONLN)"
+EOF
+chmod +x %{buildroot}%{_libexecdir}/%{name}/test
+
 %check
 unset RELEASE_TESTING
 OPENSSL_ENABLE_SHA1_SIGNATURES=1 make test
@ -125,45 +161,121 @@ OPENSSL_ENABLE_SHA1_SIGNATURES=1 make test
 %{_mandir}/man3/Net::SSLeay.3*
 %{_mandir}/man3/Net::SSLeay::Handle.3*

-%changelog
-* Wed Jul 27 2022 Jitka Plesnikova <jplesnik@redhat.com> - 1.92-2
- Enable using SHA1 for tests
- Resolves: rhbz#2107670
+%files tests
+%{_libexecdir}/%{name}

-* Wed Jan 26 2022 Michal Josef Špaček <mspacek@redhat.com> - 1.92-1
+%changelog
+* Thu Aug 08 2024 Troy Dawson <tdawson@redhat.com> - 1.94-6
+- Bump release for Aug 2024 java mass rebuild
+
+* Tue Jul 02 2024 Jitka Plesnikova <jplesnik@redhat.com> - 1.94-5
+- Resolves: RHEL-33744 - Stop using OpenSSL ENGINE API
+- Package tests
+
+* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 1.94-4
+- Bump release for June 2024 mass rebuild
+
+* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.94-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.94-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Mon Jan  8 2024 Paul Howarth <paul@city-fan.org> - 1.94-1
+- Update to 1.94
+  - Net::SSLeay now officially supports all stable releases of OpenSSL 3.1 and
+    3.2, and LibreSSL 3.5-3.8
+  - Many noisy compiler warnings have been silenced - if SSLeay.xs fails to
+    compile, it should now be much easier to identify the cause
+  - libcrypto's OPENSSL_init_crypto() function and libssl's OPENSSL_init_ssl()
+    function are now exposed, enabling fine-grained control over the
+    initialisation and configuration of both libraries
+  - libssl functions implementing TLS 1.3 PSK authentication are now exposed,
+    in particular SSL_CTX_set_psk_find_session_callback() (on the server side)
+    and SSL_CTX_set_psk_use_session_callback() (on the client side)
+  - libssl functions implementing server-side TLS 1.2 PSK authentication are
+    now exposed, in particular SSL_CTX_set_psk_server_callback()
+  - libssl's SSL_CTX_set_client_hello_cb() function is now exposed, allowing a
+    TLS server to set a callback function that is executed when the server
+    processes a ClientHello message
+  - Many more libcrypto/libssl constants and functions are now exposed; see the
+    release notes for the 1.93 developer releases for a full list
+
+* Thu Aug  3 2023 Paul Howarth <paul@city-fan.org> - 1.92-10
+- Rebuild for OpenSSL 3.1.1 in Rawhide
+
+* Fri Jul 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.92-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Tue Jul 11 2023 Jitka Plesnikova <jplesnik@redhat.com> - 1.92-8
+- Perl 5.38 rebuild
+
+* Thu Apr  6 2023 Paul Howarth <paul@city-fan.org> - 1.92-7
+- Update test suite to handle potential unavailability of sha1 algorithm
+  https://github.com/radiator-software/p5-net-ssleay/pull/433
+- Avoid deprecated patch syntax
+
+* Fri Mar 17 2023 Michal Josef Špaček <mspacek@redhat.com> - 1.92-6
+- Update license to SPDX format
+
+* Fri Jan 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.92-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.92-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Tue May 31 2022 Jitka Plesnikova <jplesnik@redhat.com> - 1.92-3
+- Perl 5.36 rebuild
+
+* Fri Jan 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.92-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Thu Jan 13 2022 Paul Howarth <paul@city-fan.org> - 1.92-1
 - Update to 1.92
-
-* Wed Aug 11 2021 Michal Josef Špaček <mspacek@redhat.com> - 1.90-8
- Fix tests for openssl 3.0.0-beta2. rhbz#1992571
-  - Add another fix for t/05_passwd_cb.t, because change in passphrase caching
- Remove XXX in spec file
-
-* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.90-7
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
-  Related: rhbz#1991688
-
-* Fri Jul 23 2021 Michal Josef Špaček <mspacek@redhat.com> - 1.90-6
- Fix tests for openssl 3.0.0-beta1. rhbz#1964854
-  - Add fix for t/05_passwd_cb.t
-  - Update Net-SSLeay-1.90-openssl3.0.0-43_misc_functions.patch to accept beta version
- Fix tab vs space in spec file
- Update Net-SSLeay-1.90-openssl3.0.0-39_pkcs12.patch patch to upstream version
-
-* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.90-5
- Rebuilt for RHEL 9 BETA for openssl 3.0
-  Related: rhbz#1971065
-
-* Fri Jun 04 2021 Michal Josef Špaček <mspacek@redhat.com> - 1.90-4
- Fix tests for openssl 3.0.0-alpha16. rhbz#1964854
-  - Fix check across alpha1 vs alpha17
-  - Change default alg for PEM_get_string_PrivateKey()
-  - Different order in CA chain in some versions
-  - Changed API of CTX_set_ciphersuites() and set_ciphersuites(), ignore
-    unknown ciphers
-  - Disable TLSv1 and TLSv1_1 usage in test
-
-* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.90-3
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+  - Net::SSLeay now supports stable releases of OpenSSL 3.0
+    - OpenSSL 3.0.0 introduces the concept of "providers", which contain
+      cryptographic algorithm implementations; many outdated, deprecated
+      and/or insecure algorithms have been moved to the "legacy" provider,
+      which may need to be loaded explicitly in order to use them with
+      Net::SSLeay (see "Low level API: OSSL_LIB_CTX and OSSL_PROVIDER
+      related functions" in the Net::SSLeay module documentation for details)
+    - Net::SSLeay's built-in PEM_get_string_PrivateKey() function depends on
+      algorithms that have moved to the legacy provider described above; if
+      OpenSSL has been compiled without the legacy provider, the tests
+      t/local/33_x509_create_cert.t and t/local/63_ec_key_generate_key.t will
+      fail when the test suite is run
+    - TLS 1.1 and below may only be used at security level 0 as of OpenSSL
+      3.0.0; if a minimum required security level is imposed (e.g. in an
+      OpenSSL configuration file managed by the operating system), the tests
+      t/local/44_sess.t and t/local/45_exporter.t will fail when the test
+      suite is run
+  - Net::SSLeay now supports stable releases of LibreSSL from the 3.2-3.4
+    series (with the exception of 3.2.2 and 3.2.3 - see "COMPATIBILITY" in
+    the Net::SSLeay module documentation for details)
+    - The TLS 1.3 implementation in LibreSSL 3.1-3.3, parts of which are
+      enabled by default, is not fully compatible with the libssl API and may
+      not function as expected with Net::SSLeay; see "KNOWN BUGS AND CAVEATS"
+      in the Net::SSLeay module documentation for details
+  - A number of new libcrypto/libssl constants and functions are now exposed,
+    including SSL_CTX_set_keylog_callback() and SSL_CTX_set_msg_callback(),
+    which are helpful when debugging TLS handshakes; see the release notes
+    for the 1.91 developer releases (in the Changes file) for a full list of
+    newly-exposed constants and functions
+
+* Tue Oct  5 2021 Paul Howarth <paul@city-fan.org> - 1.90-7
+- Fixes for OpenSSL 3.0.0 are now entirely from upstream
+
+* Wed Sep 15 2021 Paul Howarth <paul@city-fan.org> - 1.90-6
+- Add fixes (mainly from upstream) for OpenSSL 3.0.0
+
+* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 1.90-5
+- Rebuilt with OpenSSL 3.0.0
+
+* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.90-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Fri May 21 2021 Jitka Plesnikova <jplesnik@redhat.com> - 1.90-3
+- Perl 5.34 rebuild

 * Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.90-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild