diff -pruN 2.059-1/debian/changelog 2.059-2/debian/changelog --- 2.059-1/debian/changelog 2018-08-16 08:54:33.000000000 +0000 +++ 2.059-2/debian/changelog 2018-09-15 14:34:01.000000000 +0000 @@ -1,3 +1,15 @@ +libio-socket-ssl-perl (2.059-2) unstable; urgency=medium + + * Team upload + + * add patches by Petr Písař adapting to OpenSSL 1.1.1 + (closes: #891625) + * bump debhelper compatibility level to 11 + * patch t/protocol_version.t to ignore SIGPIPE + * declare conformance with POlicy 4.2.1 (no changes needed) + + -- Damyan Ivanov Sat, 15 Sep 2018 14:34:01 +0000 + libio-socket-ssl-perl (2.059-1) unstable; urgency=medium * Import upstream version 2.059 diff -pruN 2.059-1/debian/compat 2.059-2/debian/compat --- 2.059-1/debian/compat 2018-08-16 08:54:33.000000000 +0000 +++ 2.059-2/debian/compat 2018-09-15 13:51:59.000000000 +0000 @@ -1 +1 @@ -10 +11 diff -pruN 2.059-1/debian/control 2.059-2/debian/control --- 2.059-1/debian/control 2018-08-16 08:54:33.000000000 +0000 +++ 2.059-2/debian/control 2018-09-15 14:33:57.000000000 +0000 @@ -7,7 +7,7 @@ Uploaders: gregor herrmann = 10) +Build-Depends: debhelper (>= 11~) Build-Depends-Indep: ca-certificates, libnet-idn-encode-perl, libnet-libidn-perl, @@ -18,7 +18,7 @@ Build-Depends-Indep: ca-certificates, perl (>= 5.15.6) | libsocket-perl | libsocket6-perl, perl (>= 5.19.8) | libio-socket-ip-perl (>= 0.20) | libio-socket-inet6-perl, procps -Standards-Version: 4.2.0 +Standards-Version: 4.2.1 Vcs-Browser: https://salsa.debian.org/perl-team/modules/packages/libio-socket-ssl-perl Vcs-Git: https://salsa.debian.org/perl-team/modules/packages/libio-socket-ssl-perl.git Homepage: https://metacpan.org/release/IO-Socket-SSL diff -pruN 2.059-1/debian/copyright 2.059-2/debian/copyright --- 2.059-1/debian/copyright 2018-08-16 08:54:33.000000000 +0000 +++ 2.059-2/debian/copyright 2018-09-15 13:49:53.000000000 +0000 @@ -23,6 +23,7 @@ Copyright: 2000-2004, Davide Puricelli ( 2009, Antonio Radici 2009-2018, Salvatore Bonaccorso 2010-2011, 2014, Angel Abad + 2018, Petr Písař License: Artistic or GPL-1+ License: Artistic diff -pruN 2.059-1/debian/patches/0001-Adapt-to-OpenSSL-1.1.1.patch 2.059-2/debian/patches/0001-Adapt-to-OpenSSL-1.1.1.patch --- 2.059-1/debian/patches/0001-Adapt-to-OpenSSL-1.1.1.patch 1970-01-01 00:00:00.000000000 +0000 +++ 2.059-2/debian/patches/0001-Adapt-to-OpenSSL-1.1.1.patch 2018-09-15 13:43:46.000000000 +0000 @@ -0,0 +1,142 @@ +From e293a1497cccaa7cfe383cea37e6a445f870507d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= +Date: Thu, 16 Aug 2018 14:56:23 +0200 +Subject: [PATCH 1/6] Adapt to OpenSSL 1.1.1 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +It needs patched Net-SSLeay (CPAN RT#125218). + +This patch introduces some TLSv1.3 identifiers but does not document +them. This is to let the IO-Socket-SSL maintainer to define the API. + +This is not a final patch. We need to fix failures in: + +t/npn.t +t/session_ticket.t +t/sni_verify.t + +Signed-off-by: Petr Písař +--- + lib/IO/Socket/SSL.pm | 17 +++++++++++++++-- + t/ecdhe.t | 16 +++++++++++----- + t/protocol_version.t | 4 ++-- + t/session_ticket.t | 2 ++ + 4 files changed, 30 insertions(+), 9 deletions(-) + +diff --git a/lib/IO/Socket/SSL.pm b/lib/IO/Socket/SSL.pm +index dafff06..4812f77 100644 +--- a/lib/IO/Socket/SSL.pm ++++ b/lib/IO/Socket/SSL.pm +@@ -268,7 +268,8 @@ BEGIN{ + # get constants for SSL_OP_NO_* now, instead calling the related functions + # every time we setup a connection + my %SSL_OP_NO; +-for(qw( SSLv2 SSLv3 TLSv1 TLSv1_1 TLSv11:TLSv1_1 TLSv1_2 TLSv12:TLSv1_2 )) { ++for(qw( SSLv2 SSLv3 TLSv1 TLSv1_1 TLSv11:TLSv1_1 TLSv1_2 TLSv12:TLSv1_2 ++ TLSv1_3 TLSv13:TLSv1_3 )) { + my ($k,$op) = m{:} ? split(m{:},$_,2) : ($_,$_); + my $sub = "Net::SSLeay::OP_NO_$op"; + local $SIG{__DIE__}; +@@ -1893,6 +1894,7 @@ sub get_sslversion { + my $ssl = shift()->_get_ssl_object || return; + my $version = Net::SSLeay::version($ssl) or return; + return ++ $version == 0x0304 ? 'TLSv1_3' : + $version == 0x0303 ? 'TLSv1_2' : + $version == 0x0302 ? 'TLSv1_1' : + $version == 0x0301 ? 'TLSv1' : +@@ -2338,7 +2340,7 @@ sub new { + + my $ver; + for (split(/\s*:\s*/,$arg_hash->{SSL_version})) { +- m{^(!?)(?:(SSL(?:v2|v3|v23|v2/3))|(TLSv1(?:_?[12])?))$}i ++ m{^(!?)(?:(SSL(?:v2|v3|v23|v2/3))|(TLSv1(?:_?[123])?))$}i + or croak("invalid SSL_version specified"); + my $not = $1; + ( my $v = lc($2||$3) ) =~s{^(...)}{\U$1}; +@@ -2386,6 +2388,17 @@ sub new { + IO::Socket::SSL->error("SSL Context init failed"); + $CTX_CREATED_IN_THIS_THREAD{$ctx} = 1 if $use_threads; + ++ # There is no CTX_tlsv1_3_new(). Create TLSv1.3 only context using ++ # a flexible method. ++ if ($ver eq 'TLSv1_3') { ++ if (!Net::SSLeay::CTX_set_min_proto_version($ctx, ++ Net::SSLeay::TLS1_3_VERSION()) or ++ !Net::SSLeay::CTX_set_max_proto_version($ctx, ++ Net::SSLeay::TLS1_3_VERSION())) { ++ IO::Socket::SSL->error("TLSv1_3 context init failed"); ++ } ++ } ++ + # SSL_OP_CIPHER_SERVER_PREFERENCE + $ssl_op |= 0x00400000 if $arg_hash->{SSL_honor_cipher_order}; + +diff --git a/t/ecdhe.t b/t/ecdhe.t +index 638d82b..1b229c5 100644 +--- a/t/ecdhe.t ++++ b/t/ecdhe.t +@@ -53,12 +53,18 @@ if ( !defined $pid ) { + }; + ok( "client connected" ); + +- my $cipher = $to_server->get_cipher(); +- if ( $cipher !~m/^ECDHE-/ ) { +- notok("bad key exchange: $cipher"); +- exit; ++ my $protocol = $to_server->get_sslversion; ++ if ($protocol eq 'TLSv1_3') { ++ # ++ ok("# SKIP TLSv1.3 doesn't advertize key exchange in a chipher name"); ++ } else { ++ my $cipher = $to_server->get_cipher(); ++ if ( $cipher !~m/^ECDHE-/ ) { ++ notok("bad key exchange: $cipher"); ++ exit; ++ } ++ ok("ecdh key exchange: $cipher"); + } +- ok("ecdh key exchange: $cipher"); + + } else { ###### Server + +diff --git a/t/protocol_version.t b/t/protocol_version.t +index e3853d8..3577720 100644 +--- a/t/protocol_version.t ++++ b/t/protocol_version.t +@@ -13,7 +13,7 @@ plan skip_all => "Test::More has no done_testing" + $|=1; + + my $XDEBUG = 0; +-my @versions = qw(SSLv3 TLSv1 TLSv1_1 TLSv1_2); ++my @versions = qw(SSLv3 TLSv1 TLSv1_1 TLSv1_2 TLSv1_3); + + my $server = IO::Socket::SSL->new( + LocalAddr => '127.0.0.1', +@@ -82,7 +82,7 @@ if ($pid == 0) { + die "best protocol version server supports is $ver" if $supported{foo}; + + # Check if the OpenSSL was compiled without support for specific protocols +- for(qw(SSLv3 TLSv1 TLSv1_1)) { ++ for(qw(SSLv3 TLSv1 TLSv1_1 TLSv1_2 TLSv1_3)) { + if ( ! $check->($_,'')) { + diag("looks like OpenSSL was compiled without $_ support"); + delete $supported{$_}; +diff --git a/t/session_ticket.t b/t/session_ticket.t +index d3c15d9..bff6a86 100644 +--- a/t/session_ticket.t ++++ b/t/session_ticket.t +@@ -73,6 +73,8 @@ my $client = sub { + }; + + ++# FIXME: TLSv1.3 requires to use SSL_CTX_sess_set_new_cb() by clients instead ++# of SSL_get1_session(). Missing from Net::SSLeay. + $client->(0,0,"no initial session -> no reuse"); + $client->(0,1,"reuse with the next session and secret[0]"); + $client->(1,1,"reuse even though server changed, since they share ticket secret"); +-- +2.19.0 + diff -pruN 2.059-1/debian/patches/0002-Do-two-way-shutdown-in-t-sni_verify.t.patch 2.059-2/debian/patches/0002-Do-two-way-shutdown-in-t-sni_verify.t.patch --- 2.059-1/debian/patches/0002-Do-two-way-shutdown-in-t-sni_verify.t.patch 1970-01-01 00:00:00.000000000 +0000 +++ 2.059-2/debian/patches/0002-Do-two-way-shutdown-in-t-sni_verify.t.patch 2018-09-15 13:43:46.000000000 +0000 @@ -0,0 +1,47 @@ +From ccc566bde18c09b0b64d64e3aec3e2b98cc21737 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= +Date: Fri, 17 Aug 2018 14:46:33 +0200 +Subject: [PATCH 2/6] Do two-way shutdown in t/sni_verify.t +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +OpenSSL 1.1.1-pre7 sigipipes TLSv1.3 server if client does not +shutdown TLS properly. + + +Signed-off-by: Petr Písař +--- + t/sni_verify.t | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/t/sni_verify.t b/t/sni_verify.t +index b3b299b..b5ac4bd 100644 +--- a/t/sni_verify.t ++++ b/t/sni_verify.t +@@ -71,6 +71,13 @@ if ( $pid == 0 ) { + + $client->verify_hostname($host,'http') or print "not "; + print "ok # client verify hostname in cert $host\n"; ++ ++ if ($client) { ++ # Shutdown TLS properly. Otherwise TLSv1.3 server will receive SIGPIPE ++ # in SSL_accept() and dies. ++ # . ++ $client->close('SSL_fast_shutdown' => 0); ++ } + } + exit; + } +@@ -81,5 +88,8 @@ for my $host (@tests) { + my $name = $csock->get_servername; + print "not " if ! $name or $name ne $host; + print "ok # server got SNI name $host\n"; ++ if ($csock) { ++ $csock->close('SSL_fast_shutdown' => 0); ++ } + } + wait; +-- +2.19.0 + diff -pruN 2.059-1/debian/patches/0003-NPN-is-unavailable-in-TLSv1.3.patch 2.059-2/debian/patches/0003-NPN-is-unavailable-in-TLSv1.3.patch --- 2.059-1/debian/patches/0003-NPN-is-unavailable-in-TLSv1.3.patch 1970-01-01 00:00:00.000000000 +0000 +++ 2.059-2/debian/patches/0003-NPN-is-unavailable-in-TLSv1.3.patch 2018-09-15 13:43:46.000000000 +0000 @@ -0,0 +1,49 @@ +From 1251916c2201c9d1acb8ea362b5e97edcd27eb3a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= +Date: Fri, 17 Aug 2018 15:14:40 +0200 +Subject: [PATCH 3/6] NPN is unavailable in TLSv1.3 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +TLSv1.3 does not support NPN. Application can use ALPN. This caused +t/npn.t failures when TLSv1.3 was negotiated. This patch disables +TLSv1.3 in the test. + + + +Signed-off-by: Petr Písař +--- + lib/IO/Socket/SSL.pod | 2 +- + t/npn.t | 2 ++ + 2 files changed, 3 insertions(+), 1 deletion(-) + +diff --git a/lib/IO/Socket/SSL.pod b/lib/IO/Socket/SSL.pod +index 1f89bd9..0691903 100644 +--- a/lib/IO/Socket/SSL.pod ++++ b/lib/IO/Socket/SSL.pod +@@ -1339,7 +1339,7 @@ as an array ref. + See also method C. + + Next Protocol Negotiation (NPN) is available with Net::SSLeay 1.46+ and +-openssl-1.0.1+. ++openssl-1.0.1+. NPN is unavailable in TLSv1.3 protocol. + To check support you might call C<< IO::Socket::SSL->can_npn() >>. + If you use this option with an unsupported Net::SSLeay/OpenSSL it will + throw an error. +diff --git a/t/npn.t b/t/npn.t +index 8992a77..6ee6ca6 100644 +--- a/t/npn.t ++++ b/t/npn.t +@@ -25,6 +25,8 @@ my $addr = '127.0.0.1'; + my $server = IO::Socket::SSL->new( + LocalAddr => $addr, + Listen => 2, ++ SSL_version => 'SSLv23:!TLSv1_3', # NPN does not exist in TLSv1.3 ++ # https://github.com/openssl/openssl/issues/3665 + SSL_cert_file => 'certs/server-cert.pem', + SSL_key_file => 'certs/server-key.pem', + SSL_npn_protocols => [qw(one two)], +-- +2.19.0 + diff -pruN 2.059-1/debian/patches/0004-Exclude-TLSv1.3-from-t-session_ticket.t.patch 2.059-2/debian/patches/0004-Exclude-TLSv1.3-from-t-session_ticket.t.patch --- 2.059-1/debian/patches/0004-Exclude-TLSv1.3-from-t-session_ticket.t.patch 1970-01-01 00:00:00.000000000 +0000 +++ 2.059-2/debian/patches/0004-Exclude-TLSv1.3-from-t-session_ticket.t.patch 2018-09-15 13:51:38.000000000 +0000 @@ -0,0 +1,59 @@ +From ba67e0022a9a2e11926e8c661c303e2829614df7 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= +Date: Tue, 21 Aug 2018 12:32:39 +0200 +Subject: [PATCH 4/6] Exclude TLSv1.3 from t/session_ticket.t +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The test fails with OpenSSL 1.1.1 because SSL_get1_session() is not +reliable with TLSv1.3. A proper resumption support would need +migration to SSL_CTX_sess_set_new_cb() API. + +This patch also performs full SSL_shutdown in the test because +SSL_get1_session() manual documents that a connection must be properly +SSL_shutdowned, otherwise the session will be removed from the +(internal) session cache. + +Signed-off-by: Petr Písař +--- + t/session_ticket.t | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/t/session_ticket.t b/t/session_ticket.t +index bff6a86..69cbc96 100644 +--- a/t/session_ticket.t ++++ b/t/session_ticket.t +@@ -69,7 +69,7 @@ my $client = sub { + diag("connect to $i: ". + ($cl ? "success reuse=$reuse" : "error: $!,$SSL_ERROR")); + is($reuse,$expect_reuse,$desc); +- close($cl); ++ $cl->close('SSL_fast_shutdown' => 0); + }; + + +@@ -123,6 +123,11 @@ sub _server { + SSL_verify_mode => SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, + SSL_ticket_keycb => $get_ticket_key, + SSL_session_id_context => 'foobar', ++ SSL_version => 'SSLv23:!TLSv1_3', # TLSv1.3 sends session tickes after ++ # a handshake, this SSL_get1_session() is not reliable anymore. ++ # Exclude TLSv1.3 from tests. Proper TLSv1.3 session resumption ++ # will need SSL_CTX_sess_set_new_cb(). ++ # + ) or die "failed to create SSL context: $SSL_ERROR"; + } + +@@ -158,7 +163,7 @@ sub _server { + print "rotate secrets\n"; + push @secrets, shift(@secrets); + } +- close($cl); ++ $cl->close('SSL_fast_shutdown' => 0); + alarm(0); + last; + } +-- +2.19.0 + diff -pruN 2.059-1/debian/patches/0005-Do-two-way-shutdown-in-t-sni.t.patch 2.059-2/debian/patches/0005-Do-two-way-shutdown-in-t-sni.t.patch --- 2.059-1/debian/patches/0005-Do-two-way-shutdown-in-t-sni.t.patch 1970-01-01 00:00:00.000000000 +0000 +++ 2.059-2/debian/patches/0005-Do-two-way-shutdown-in-t-sni.t.patch 2018-09-15 13:43:46.000000000 +0000 @@ -0,0 +1,65 @@ +From 291464f3f69838e3e3a32fd89f4f555895de87b8 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= +Date: Tue, 21 Aug 2018 16:02:19 +0200 +Subject: [PATCH 5/6] Do two-way shutdown in t/sni.t +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +TLSv1.3 performs more reading and writing in SSL_accept(). If a client +disconnects after the handshake but before the server finishes +SSL_accept(), the t/sni.t test would fail because accept() could fail with +ECONNRESET. This happened randomly. + +Failed accept() lead to undef->get_servername() call that triggered +a run-time exception and that caused a client being stucked and the +test script never exited. + +This fixes both these issues. + +Signed-off-by: Petr Písař +--- + t/sni.t | 20 ++++++++++++++++++-- + 1 file changed, 18 insertions(+), 2 deletions(-) + +diff --git a/t/sni.t b/t/sni.t +index de0f06e..91206de 100644 +--- a/t/sni.t ++++ b/t/sni.t +@@ -68,15 +68,31 @@ if ( $pid == 0 ) { + + $client->verify_hostname($host,'http') or print "not "; + print "ok # client verify hostname in cert $host\n"; ++ # Shutdown TLS properly. Otherwise TLSv1.3 $server->accept() fails with ++ # ECONNRESET when a client disconnects too early. ++ $client->close('SSL_fast_shutdown' => 0); + } + exit; + } + ++# If the server dies, a client can get stuck in read(2) while Perl interpreter ++# is collecting children status in the die handler using wait4(2). ++$SIG{__DIE__} = sub { ++ STDERR->print("Server died. Killing client with $pid PID.\n"); ++ kill(9, $pid); ++}; + for my $host (@tests) { +- my $csock = $server->accept or print "not "; +- print "ok # server accept\n"; ++ my $csock = $server->accept; ++ if (!$csock) { ++ print "not ok # server accept SSL_ERROR='$SSL_ERROR', errno='$!'"; ++ } else { ++ print "ok # server accept\n"; ++ } + my $name = $csock->get_servername; + print "not " if ! $name or $name ne $host; + print "ok # server got SNI name $host\n"; ++ # Shutdown TLS properly. Otherwise TLSv1.3 $server->accept() fails with ++ # ECONNRESET when a client disconnects too early. ++ $csock->close('SSL_fast_shutdown' => 0); + } + wait; +-- +2.19.0 + diff -pruN 2.059-1/debian/patches/0006-Fix-building-on-systems-without-TLSv1.3-support.patch 2.059-2/debian/patches/0006-Fix-building-on-systems-without-TLSv1.3-support.patch --- 2.059-1/debian/patches/0006-Fix-building-on-systems-without-TLSv1.3-support.patch 1970-01-01 00:00:00.000000000 +0000 +++ 2.059-2/debian/patches/0006-Fix-building-on-systems-without-TLSv1.3-support.patch 2018-09-15 13:43:46.000000000 +0000 @@ -0,0 +1,41 @@ +From df130dbd662fd712c52757257b78b1224ee535d0 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= +Date: Tue, 21 Aug 2018 16:34:39 +0200 +Subject: [PATCH 6/6] Fix building on systems without TLSv1.3 support +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +If OpenSSL does not support TLSv1.3, Net::SSLeay does not have +TLS1_3_VERSION() and t/protocol_version.t fails with: + + # Failed test 'Your vendor has not defined SSLeay macro TLS1_3_VERSION at /home/test/fedora/perl-IO-Socket-SSL/IO-Socket-SSL-2.059/blib/lib/IO/Socket/SSL.pm line 2337. + # ' + # at ./t/testlib.pl line 39. + +This patch fixes creating IO::Socket:SSL context for TLSv1.3 by +checking whether it's supported by Net::SSLeay. + +Signed-off-by: Petr Písař +--- + lib/IO/Socket/SSL.pm | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/lib/IO/Socket/SSL.pm b/lib/IO/Socket/SSL.pm +index 4812f77..25d36f6 100644 +--- a/lib/IO/Socket/SSL.pm ++++ b/lib/IO/Socket/SSL.pm +@@ -2391,6 +2391,10 @@ sub new { + # There is no CTX_tlsv1_3_new(). Create TLSv1.3 only context using + # a flexible method. + if ($ver eq 'TLSv1_3') { ++ if (!eval {Net::SSLeay::TLS1_3_VERSION()}) { ++ return IO::Socket::SSL->_internal_error( ++ "SSL Version $ver not supported",9); ++ } + if (!Net::SSLeay::CTX_set_min_proto_version($ctx, + Net::SSLeay::TLS1_3_VERSION()) or + !Net::SSLeay::CTX_set_max_proto_version($ctx, +-- +2.19.0 + diff -pruN 2.059-1/debian/patches/series 2.059-2/debian/patches/series --- 2.059-1/debian/patches/series 1970-01-01 00:00:00.000000000 +0000 +++ 2.059-2/debian/patches/series 2018-09-15 14:17:30.000000000 +0000 @@ -0,0 +1,7 @@ +0001-Adapt-to-OpenSSL-1.1.1.patch +0002-Do-two-way-shutdown-in-t-sni_verify.t.patch +0003-NPN-is-unavailable-in-TLSv1.3.patch +0004-Exclude-TLSv1.3-from-t-session_ticket.t.patch +0005-Do-two-way-shutdown-in-t-sni.t.patch +0006-Fix-building-on-systems-without-TLSv1.3-support.patch +t-protocol_version-ignore-sigpipe.patch diff -pruN 2.059-1/debian/patches/t-protocol_version-ignore-sigpipe.patch 2.059-2/debian/patches/t-protocol_version-ignore-sigpipe.patch --- 2.059-1/debian/patches/t-protocol_version-ignore-sigpipe.patch 1970-01-01 00:00:00.000000000 +0000 +++ 2.059-2/debian/patches/t-protocol_version-ignore-sigpipe.patch 2018-09-15 14:30:12.000000000 +0000 @@ -0,0 +1,15 @@ +Description: ignore SIGPIPE in t/protocol_version.t + seems to be necessary with TLSv1.3 +Author: Damyan Ivanov + +--- a/t/protocol_version.t ++++ b/t/protocol_version.t +@@ -10,6 +10,8 @@ do './testlib.pl' || do './t/testlib.pl' + plan skip_all => "Test::More has no done_testing" + if !defined &done_testing; + ++$SIG{PIPE} = 'IGNORE'; ++ + $|=1; + + my $XDEBUG = 0;