ALP-pool/perl-LWP-Protocol-https
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Sync from SUSE:ALP:Source:Standard:1.0 perl-LWP-Protocol-https revision 5963c22d584a7d0af26ee13f0f8115f1

Browse Source
This commit is contained in:
Adrian Schröter 2023-05-17 15:14:19 +02:00
commit afa4d48c4e
7 changed files with 326 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

40
CVE-2014-3230.patch Normal file
View File

@ -0,0 +1,40 @@
From 1b924708663f457a4f7c25ed35d7dfb3bb5b334d Mon Sep 17 00:00:00 2001
From: Steffen Ullrich <Steffen_Ullrich@genua.de>
Date: Sat, 3 May 2014 23:04:36 +0200
Subject: [PATCH 1/3] Debian #746576 - don't disale verification if only
hostnames should not be verified
---
lib/LWP/Protocol/https.pm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: LWP-Protocol-https-6.06/lib/LWP/Protocol/https.pm
===================================================================
--- LWP-Protocol-https-6.06.orig/lib/LWP/Protocol/https.pm
+++ LWP-Protocol-https-6.06/lib/LWP/Protocol/https.pm
@@ -21,7 +21,11 @@ sub _extra_sock_opts
$ssl_opts{SSL_verifycn_scheme} = 'www';
}
else {
- $ssl_opts{SSL_verify_mode} = 0;
+ if ( $Net::HTTPS::SSL_SOCKET_CLASS eq 'Net::SSL' ) {
+ $ssl_opts{SSL_verifycn_scheme} = '';
+ } else {
+ $ssl_opts{SSL_verifycn_scheme} = 'none';
+ }
}
my $suse_allows_mozilla_ca = 0;
if ($suse_allows_mozilla_ca && $ssl_opts{SSL_verify_mode}) {
Index: LWP-Protocol-https-6.06/t/https_proxy.t
===================================================================
--- LWP-Protocol-https-6.06.orig/t/https_proxy.t
+++ LWP-Protocol-https-6.06/t/https_proxy.t
@@ -66,7 +66,7 @@ my %ua;
$ua{noproxy} = LWP::UserAgent->new(
keep_alive => 10, # size of connection cache
# server does not know the expected name and returns generic certificate
- ssl_opts => { verify_hostname => 0 }
+ ssl_opts => { verify_hostname => 0, SSL_ca_file => $cafile, }
);
$ua{proxy} = LWP::UserAgent->new(

24
LWP-Protocol-https-6.09-systemca.diff Normal file
View File

@ -0,0 +1,24 @@
diff -ur LWP-Protocol-https-6.09/lib/LWP/Protocol/https.pm LWP-Protocol-https-6.09_fix/lib/LWP/Protocol/https.pm
--- LWP-Protocol-https-6.09/lib/LWP/Protocol/https.pm 2020-07-16 15:33:07.000000000 +0200
+++ LWP-Protocol-https-6.09_fix/lib/LWP/Protocol/https.pm 2020-10-15 15:56:49.380284037 +0200
@@ -22,7 +22,8 @@
else {
$ssl_opts{SSL_verify_mode} = 0;
}
- if ($ssl_opts{SSL_verify_mode}) {
+ my $suse_allows_mozilla_ca = 0;
+ if ($suse_allows_mozilla_ca && $ssl_opts{SSL_verify_mode}) {
unless (exists $ssl_opts{SSL_ca_file} || exists $ssl_opts{SSL_ca_path}) {
eval {
require Mozilla::CA;
diff -ur LWP-Protocol-https-6.09/Makefile.PL LWP-Protocol-https-6.09_fix/Makefile.PL
--- LWP-Protocol-https-6.09/Makefile.PL 2020-07-16 15:33:07.000000000 +0200
+++ LWP-Protocol-https-6.09_fix/Makefile.PL 2020-10-15 15:56:08.235630479 +0200
@@ -22,7 +22,6 @@
"IO::Socket::SSL" => "1.54",
"LWP::Protocol::http" => 0,
"LWP::UserAgent" => "6.06",
- "Mozilla::CA" => 20180117,
"Net::HTTPS" => 6,
"base" => 0,
"strict" => 0

BIN
LWP-Protocol-https-6.10.tar.gz (Stored with Git LFS) Normal file
View File

Binary file not shown.

23
cpanspec.yml Normal file
View File

@ -0,0 +1,23 @@
---
#description_paragraphs: 3
#no_testing: broken upstream
#sources:
# - source1
# - source2
patches:
# patch for using system certificates
"%{cpan_name}-6.09-systemca.diff": -p1
# see https://github.com/libwww-perl/lwp-protocol-https/pull/14
CVE-2014-3230.patch: -p1
#preamble: |-
# BuildRequires: gcc-c++
#post_prep: |-
# hunspell=`pkg-config --libs hunspell | sed -e 's,-l,,; s, *,,g'`
# sed -i -e "s,hunspell-X,$hunspell," t/00-prereq.t Makefile.PL
#post_install: |-
# sed on %{name}.files
#license: SUSE-NonFree
#skip_noarch: 1
#custom_build: -
#./Build build flags=%{?_smp_mflags} --myflag
ignore_requires: Mozilla::CA

123
perl-LWP-Protocol-https.changes Normal file
View File

@ -0,0 +1,123 @@
-------------------------------------------------------------------
Fri Dec 18 03:07:41 UTC 2020 - Tina Müller <timueller+perl@suse.de>
- updated to 6.10
see /usr/share/doc/packages/perl-LWP-Protocol-https/Changes
6.10 2020-12-17 15:42:06Z
- Fix #39 - prevent user env from breaking the test (GH#63) (Gianni
Ceccarelli)
- Include Net::SSLeay in reported prereqs (GH#60) (Olaf Alders)
- Use GitHub as a bug tracker (GH#59) (Olaf Alders)
-------------------------------------------------------------------
Thu Oct 15 13:58:08 UTC 2020 - Dirk Stoecker <opensuse@dstoecker.de>
- updated to 6.09
see /usr/share/doc/packages/perl-LWP-Protocol-https/Changes
6.09 2020-07-16 13:33:05Z
- Make available the version of SSL/TLS protocol used in the connection
(GH#56) (Jon Jensen)
6.08 2020-03-23 20:19:22Z (TRIAL RELEASE)
- Add defined check (GH#53) (Mohammad S Anwar)
- Fix copyright year (GH#55) (Olaf Alders)
- Upgrade Mozilla::CA dependency; originally #26 by dolmen (GH#54) (Shoichi Kaji)
- Adds coverage tests (GH#51) (Juan Julin Merelo Guervs)
- Migrated to DZil (GH PR#30)
- Moved bug tracking from RT to GitHub (GH#48) (Olaf Alders)
Rebase patch LWP-Protocol-https-6.04-systemca.diff to LWP-Protocol-https-6.09-systemca.diff
-------------------------------------------------------------------
Thu Sep 13 15:42:12 UTC 2018 - pmonrealgonzalez@suse.com
- 6.07 2017-02-19
- Cleaned up the Changes log
- Explicitly add hostname for SNI to start_SSL (GH PR#17)
- Fix the license name
- Update some documentation on SSL args
- Fix bug when checking for Mozilla::CA (GH PR#29)
- Refreshed patch LWP-Protocol-https-6.04-systemca.diff
- Cleaned spec file with spec-cleaner
-------------------------------------------------------------------
Thu Apr 23 06:00:03 UTC 2015 - coolo@suse.com
- updated to 6.06
see /usr/share/doc/packages/perl-LWP-Protocol-https/Changes
2014-04-18 LWP-Protocol-https 6.06
Mike Schilli (3):
Merge pull request #12 from drieux/subjectAltName
Merge pull request #9 from chorny/master
Updated libwww requirement to 6.06 to fix failing t/proxy.t test cases.
Gisle Aas (2):
Getopt::Long isn't actually used
Merge pull request #7 from noxxi/master
Alexandr Ciornii (1):
better diagnostics in case of failures in apache.t
Karen Etheridge (1):
Merge pull request #8 from cpansprout/patch-1
Steffen Ullrich (1):
correct behavior for https_proxy, this goes together with change to
libwww-perl cb80c2ddb7, new method _upgrade_sock in LWP::Protocol::https
cpansprout (1):
Typo fix: envirionment =~ s/io/o/
drieux (1):
support for subjectAltName
_______________________________________________________________________________
-------------------------------------------------------------------
Thu May 15 09:39:07 UTC 2014 - vcizek@suse.com
- fix for CVE-2014-3230 (bnc#876862)
* perl-LWP-Protocol-https: Environment variables HTTPS_CA_DIR or
HTTPS_CA_FILE disable hostname verification
* added CVE-2014-3230.patch
-------------------------------------------------------------------
Wed Apr 30 17:23:34 UTC 2014 - lchiquitto@suse.com
- Remove old tarball (6.03).
-------------------------------------------------------------------
Wed Jul 3 09:32:03 UTC 2013 - lnussel@suse.de
- Version 6.04
* Fix IO::Socket::SSL warnings when not verifying hostname.
* Doc spelling fix.
- Remove usage of Mozilla::CA entirely. IO::Socket::SSL will do the
right thing instead.
-------------------------------------------------------------------
Tue Feb 21 11:26:38 UTC 2012 - coolo@suse.com
- updated to 6.03
* Skip test if offline [RT#74163]
* Typo fixes
* Restore perl-5.8.1 compatibility.
-------------------------------------------------------------------
Tue Mar 29 12:06:43 UTC 2011 - vcizek@novell.com
- initial package 6.02
* created by cpanspec 1.78.03
This module used to be bundled with the libwww-perl, but it was unbundled in
v6.02 in order to be able to declare its dependencies properly for the CPAN
tool-chain. Applications that need https support can just declare their
dependency on LWP::Protocol::https and will no longer need to know what
underlying modules to install.

90
perl-LWP-Protocol-https.spec Normal file
View File

@ -0,0 +1,90 @@
#
# spec file for package perl-LWP-Protocol-https
#
# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: perl-LWP-Protocol-https
Version: 6.10
Release: 0
%define cpan_name LWP-Protocol-https
Summary: Provide https support for LWP::UserAgent
License: Artistic-1.0 OR GPL-1.0-or-later
Group: Development/Libraries/Perl
URL: https://metacpan.org/release/%{cpan_name}
Source0: https://cpan.metacpan.org/authors/id/O/OA/OALDERS/%{cpan_name}-%{version}.tar.gz
Source1: cpanspec.yml
Patch0: %{cpan_name}-6.09-systemca.diff
Patch1: CVE-2014-3230.patch
BuildArch: noarch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: perl
BuildRequires: perl-macros
BuildRequires: perl(IO::Socket::SSL) >= 1.54
BuildRequires: perl(IO::Socket::SSL::Utils)
BuildRequires: perl(LWP::Protocol::http)
BuildRequires: perl(LWP::UserAgent) >= 6.06
#BuildRequires: perl(Mozilla::CA) >= 20180117
BuildRequires: perl(Net::HTTPS) >= 6
BuildRequires: perl(Test::More) >= 0.96
BuildRequires: perl(Test::RequiresInternet)
Requires: perl(IO::Socket::SSL) >= 1.54
Requires: perl(LWP::Protocol::http)
Requires: perl(LWP::UserAgent) >= 6.06
#Requires: perl(Mozilla::CA) >= 20180117
Requires: perl(Net::HTTPS) >= 6
%{perl_requires}
%description
The LWP::Protocol::https module provides support for using https schemed
URLs with LWP. This module is a plug-in to the LWP protocol handling, so
you don't use it directly. Once the module is installed LWP is able to
access sites using HTTP over SSL/TLS.
If hostname verification is requested by LWP::UserAgent's 'ssl_opts', and
neither 'SSL_ca_file' nor 'SSL_ca_path' is set, then 'SSL_ca_file' is
implied to be the one provided by Mozilla::CA. If the Mozilla::CA module
isn't available SSL requests will fail. Either install this module, set up
an alternative 'SSL_ca_file' or disable hostname verification.
This module used to be bundled with the libwww-perl, but it was unbundled
in v6.02 in order to be able to declare its dependencies properly for the
CPAN tool-chain. Applications that need https support can just declare
their dependency on LWP::Protocol::https and will no longer need to know
what underlying modules to install.
%prep
%setup -q -n %{cpan_name}-%{version}
%patch0 -p1
%patch1 -p1
%build
perl Makefile.PL INSTALLDIRS=vendor
make %{?_smp_mflags}
%check
make test
%install
%perl_make_install
%perl_process_packlist
%perl_gen_filelist
%files -f %{name}.files
%defattr(-,root,root,755)
%doc Changes CONTRIBUTING.md
%license LICENSE
%changelog