diff --git a/backport-CVE-2023-31484.patch b/backport-CVE-2023-31484.patch
new file mode 100644
index 0000000..e178d0f
--- /dev/null
+++ b/backport-CVE-2023-31484.patch
@@ -0,0 +1,25 @@
+From 9c98370287f4e709924aee7c58ef21c85289a7f0 Mon Sep 17 00:00:00 2001
+From: Stig Palmquist
+Date: Tue, 28 Feb 2023 11:54:06 +0100
+Subject: [PATCH] Add verify_SSL=>1 to HTTP::Tiny to verify https server
+ identity
+
+---
+ lib/CPAN/HTTP/Client.pm | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/lib/CPAN/HTTP/Client.pm b/lib/CPAN/HTTP/Client.pm
+index 4fc792c..a616fee 100644
+--- a/lib/CPAN/HTTP/Client.pm
++++ b/lib/CPAN/HTTP/Client.pm
+@@ -32,6 +32,7 @@ sub mirror {
+
+ my $want_proxy = $self->_want_proxy($uri);
+ my $http = HTTP::Tiny->new(
++ verify_SSL => 1,
+ $want_proxy ? (proxy => $self->{proxy}) : ()
+ );
+
+--
+2.33.0
+
diff --git a/perl-CPAN.spec b/perl-CPAN.spec
index dd8f860..21b8e82 100644
--- a/perl-CPAN.spec
+++ b/perl-CPAN.spec
@@ -1,12 +1,14 @@
 Name: perl-CPAN
 Version: 2.29
-Release: 1
+Release: 2
 Summary: Query, download and build perl modules from CPAN sites
 License: GPL+ or Artistic
 URL: https://metacpan.org/release/CPAN
 Source0: https://cpan.metacpan.org/authors/id/A/AN/ANDK/CPAN-%{version}.tar.gz
 BuildArch: noarch
 
+Patch1: backport-CVE-2023-31484.patch
+
 BuildRequires: coreutils findutils perl(Test::Pod) perl(Test::Pod::Coverage) >= 0.18
 BuildRequires: perl-interpreter perl-generators perl(ExtUtils::MakeMaker)
 BuildRequires: perl(Test::More) perl(YAML) perl(Module::Build)
@@ -41,7 +43,7 @@ Bundles simplify handling of sets of related modules.
 %package_help
 
 %prep
-%setup -q -n CPAN-%{version}
+%autosetup -n CPAN-%{version} -p1
 
 %build
 perl Makefile.PL INSTALLDIRS=vendor NO_PERLLOCAL=1 NO_PACKLIST=1
@@ -64,7 +66,10 @@ make test
 %{_mandir}/man3/*
 
 %changelog
-* Thu Feb 10 2022 tianwei - 2.29-1
+* Tue Jul 4 2023 yanglongkang - 2.29-2
+- fix CVE-2023-31484
+
+* Thu Feb 10 2022 tianwei - 2.29-1
 - upgrade to 2.29
 
 * Tue Jan 14 2020 openEuler Buildteam - 2.27-3
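Review bot: In the embedded `lib/CPAN/HTTP/Client.pm` hunk, the new `verify_SSL => 1,` line inside `HTTP::Tiny->new(...)` carries no comment, and the setting only protects https URLs: HTTP::Tiny performs no certificate or hostname check for a plain http mirror, so such downloads stay unauthenticated after this backport. I would add `# Validate the server certificate and hostname on https mirrors (CVE-2023-31484); http mirrors are not covered.` directly above it. With verification on, an https fetch fails when HTTP::Tiny cannot find a CA bundle (it looks at `SSL_CERT_FILE`, Mozilla::CA and common system paths), and the visible spec hunks add no runtime dependency for one, so this is worth confirming against the Requires lines, which are outside the hunks shown. The body of `mirror` continues outside the hunk.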