fix CVE-2023-31484
(cherry picked from commit 62431992be4aa21027e57b29deaf6b1418477511)
This commit is contained in:
markeryang
openeuler-sync-bot
parent
88c7382a9c
commit
cd3d5841dd
25
backport-CVE-2023-31484.patch
Normal file
25
backport-CVE-2023-31484.patch
Normal file
@ -0,0 +1,25 @@
|
||||
From 9c98370287f4e709924aee7c58ef21c85289a7f0 Mon Sep 17 00:00:00 2001
|
||||
From: Stig Palmquist <git@stig.io>
|
||||
Date: Tue, 28 Feb 2023 11:54:06 +0100
|
||||
Subject: [PATCH] Add verify_SSL=>1 to HTTP::Tiny to verify https server
|
||||
identity
|
||||
|
||||
---
|
||||
lib/CPAN/HTTP/Client.pm | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/lib/CPAN/HTTP/Client.pm b/lib/CPAN/HTTP/Client.pm
|
||||
index 4fc792c..a616fee 100644
|
||||
--- a/lib/CPAN/HTTP/Client.pm
|
||||
+++ b/lib/CPAN/HTTP/Client.pm
|
||||
@@ -32,6 +32,7 @@ sub mirror {
|
||||
|
||||
my $want_proxy = $self->_want_proxy($uri);
|
||||
my $http = HTTP::Tiny->new(
|
||||
+ verify_SSL => 1,
|
||||
$want_proxy ? (proxy => $self->{proxy}) : ()
|
||||
);
|
||||
|
||||
--
|
||||
2.33.0
|
||||
|
||||
@ -1,12 +1,14 @@
|
||||
Name: perl-CPAN
|
||||
Version: 2.29
|
||||
Release: 1
|
||||
Release: 2
|
||||
Summary: Query, download and build perl modules from CPAN sites
|
||||
License: GPL+ or Artistic
|
||||
URL: https://metacpan.org/release/CPAN
|
||||
Source0: https://cpan.metacpan.org/authors/id/A/AN/ANDK/CPAN-%{version}.tar.gz
|
||||
BuildArch: noarch
|
||||
|
||||
Patch1: backport-CVE-2023-31484.patch
|
||||
|
||||
BuildRequires: coreutils findutils perl(Test::Pod) perl(Test::Pod::Coverage) >= 0.18
|
||||
BuildRequires: perl-interpreter perl-generators perl(ExtUtils::MakeMaker)
|
||||
BuildRequires: perl(Test::More) perl(YAML) perl(Module::Build)
|
||||
@ -41,7 +43,7 @@ Bundles simplify handling of sets of related modules.
|
||||
%package_help
|
||||
|
||||
%prep
|
||||
%setup -q -n CPAN-%{version}
|
||||
%autosetup -n CPAN-%{version} -p1
|
||||
|
||||
%build
|
||||
perl Makefile.PL INSTALLDIRS=vendor NO_PERLLOCAL=1 NO_PACKLIST=1
|
||||
@ -64,7 +66,10 @@ make test
|
||||
%{_mandir}/man3/*
|
||||
|
||||
%changelog
|
||||
* Thu Feb 10 2022 tianwei <tianwei12@@h-partners.com> - 2.29-1
|
||||
* Tue Jul 4 2023 yanglongkang <yanglongkang@h-partners.com> - 2.29-2
|
||||
- fix CVE-2023-31484
|
||||
|
||||
* Thu Feb 10 2022 tianwei <tianwei12@h-partners.com> - 2.29-1
|
||||
- upgrade to 2.29
|
||||
|
||||
* Tue Jan 14 2020 openEuler Buildteam <buildteam@openeuler.org> - 2.27-3
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user