packages/perl-CPAN
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!14 [sync] PR-8: fix CVE-2023-31484

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @openeuler-basic 
Signed-off-by: @openeuler-basic
This commit is contained in:
openeuler-ci-bot 2023-07-05 02:45:50 +00:00 committed by Gitee
commit cd9cfbad10
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 33 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
backport-CVE-2023-31484.patch Normal file
View File

@ -0,0 +1,25 @@
From 9c98370287f4e709924aee7c58ef21c85289a7f0 Mon Sep 17 00:00:00 2001
From: Stig Palmquist <git@stig.io>
Date: Tue, 28 Feb 2023 11:54:06 +0100
Subject: [PATCH] Add verify_SSL=>1 to HTTP::Tiny to verify https server
identity
---
lib/CPAN/HTTP/Client.pm | 1 +
1 file changed, 1 insertion(+)
diff --git a/lib/CPAN/HTTP/Client.pm b/lib/CPAN/HTTP/Client.pm
index 4fc792c..a616fee 100644
--- a/lib/CPAN/HTTP/Client.pm
+++ b/lib/CPAN/HTTP/Client.pm
@@ -32,6 +32,7 @@ sub mirror {
my $want_proxy = $self->_want_proxy($uri);
my $http = HTTP::Tiny->new(
+ verify_SSL => 1,
$want_proxy ? (proxy => $self->{proxy}) : ()
);
--
2.33.0

11
perl-CPAN.spec
View File

@ -1,12 +1,14 @@
Name: perl-CPAN Name: perl-CPAN
Version: 2.29 Version: 2.29
Release: 1 Release: 2
Summary: Query, download and build perl modules from CPAN sites Summary: Query, download and build perl modules from CPAN sites
License: GPL+ or Artistic License: GPL+ or Artistic
URL: https://metacpan.org/release/CPAN URL: https://metacpan.org/release/CPAN
Source0: https://cpan.metacpan.org/authors/id/A/AN/ANDK/CPAN-%{version}.tar.gz Source0: https://cpan.metacpan.org/authors/id/A/AN/ANDK/CPAN-%{version}.tar.gz
BuildArch: noarch BuildArch: noarch
Patch1: backport-CVE-2023-31484.patch
BuildRequires: coreutils findutils perl(Test::Pod) perl(Test::Pod::Coverage) >= 0.18 BuildRequires: coreutils findutils perl(Test::Pod) perl(Test::Pod::Coverage) >= 0.18
BuildRequires: perl-interpreter perl-generators perl(ExtUtils::MakeMaker) BuildRequires: perl-interpreter perl-generators perl(ExtUtils::MakeMaker)
BuildRequires: perl(Test::More) perl(YAML) perl(Module::Build) BuildRequires: perl(Test::More) perl(YAML) perl(Module::Build)
@ -41,7 +43,7 @@ Bundles simplify handling of sets of related modules.
%package_help %package_help
%prep %prep
%setup -q -n CPAN-%{version} %autosetup -n CPAN-%{version} -p1
%build %build
perl Makefile.PL INSTALLDIRS=vendor NO_PERLLOCAL=1 NO_PACKLIST=1 perl Makefile.PL INSTALLDIRS=vendor NO_PERLLOCAL=1 NO_PACKLIST=1
@ -64,7 +66,10 @@ make test
%{_mandir}/man3/* %{_mandir}/man3/*
%changelog %changelog
* Thu Feb 10 2022 tianwei <tianwei12@@h-partners.com> - 2.29-1 * Tue Jul 4 2023 yanglongkang <yanglongkang@h-partners.com> - 2.29-2
- fix CVE-2023-31484
* Thu Feb 10 2022 tianwei <tianwei12@h-partners.com> - 2.29-1
- upgrade to 2.29 - upgrade to 2.29
* Tue Jan 14 2020 openEuler Buildteam <buildteam@openeuler.org> - 2.27-3 * Tue Jan 14 2020 openEuler Buildteam <buildteam@openeuler.org> - 2.27-3