Sync from SUSE:SLFO:1.1 perl-LWP-Protocol-https revision 5963c22d584a7d0af26ee13f0f8115f1

2025-04-15 23:20:09 +02:00
7 changed files with 81 additions and 84 deletions
--- a/CVE-2014-3230.patch
+++ b/CVE-2014-3230.patch
@@ -0,0 +1,40 @@
 From 1b924708663f457a4f7c25ed35d7dfb3bb5b334d Mon Sep 17 00:00:00 2001
 From: Steffen Ullrich <Steffen_Ullrich@genua.de>
 Date: Sat, 3 May 2014 23:04:36 +0200
 Subject: [PATCH 1/3] Debian #746576 - don't disale verification if only
 hostnames should not be verified
 ---
 lib/LWP/Protocol/https.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 Index: LWP-Protocol-https-6.06/lib/LWP/Protocol/https.pm
 ===================================================================
 --- LWP-Protocol-https-6.06.orig/lib/LWP/Protocol/https.pm
 +++ LWP-Protocol-https-6.06/lib/LWP/Protocol/https.pm
@@ -21,7 +21,11 @@ sub _extra_sock_opts
 	$ssl_opts{SSL_verifycn_scheme} = 'www';
     }
     else {
 -	$ssl_opts{SSL_verify_mode} = 0;
 +	if ( $Net::HTTPS::SSL_SOCKET_CLASS eq 'Net::SSL' ) {
 +	    $ssl_opts{SSL_verifycn_scheme} = '';
 +	} else {
 +	    $ssl_opts{SSL_verifycn_scheme} = 'none';
 +	}
     }
     my $suse_allows_mozilla_ca = 0;
     if ($suse_allows_mozilla_ca && $ssl_opts{SSL_verify_mode}) {
 Index: LWP-Protocol-https-6.06/t/https_proxy.t
 ===================================================================
 --- LWP-Protocol-https-6.06.orig/t/https_proxy.t
 +++ LWP-Protocol-https-6.06/t/https_proxy.t
@@ -66,7 +66,7 @@ my %ua;
 $ua{noproxy} = LWP::UserAgent->new(
     keep_alive => 10, # size of connection cache
     # server does not know the expected name and returns generic certificate
 -    ssl_opts => { verify_hostname => 0 }
 +    ssl_opts => { verify_hostname => 0, SSL_ca_file => $cafile, }
 );
 $ua{proxy} = LWP::UserAgent->new(
--- a/LWP-Protocol-https-6.09-systemca.diff
+++ b/LWP-Protocol-https-6.09-systemca.diff
@@ -1,14 +1,24 @@
-diff --git a/lib/LWP/Protocol/https.pm b/lib/LWP/Protocol/https.pm
+diff -ur LWP-Protocol-https-6.09/lib/LWP/Protocol/https.pm LWP-Protocol-https-6.09_fix/lib/LWP/Protocol/https.pm
-index 16fce19..b1a18df 100644
+--- LWP-Protocol-https-6.09/lib/LWP/Protocol/https.pm	2020-07-16 15:33:07.000000000 +0200
--- a/lib/LWP/Protocol/https.pm
+++ LWP-Protocol-https-6.09_fix/lib/LWP/Protocol/https.pm	2020-10-15 15:56:49.380284037 +0200
-+++ b/lib/LWP/Protocol/https.pm
+@@ -22,7 +22,8 @@
-@@ -28,7 +28,8 @@ sub _extra_sock_opts
+     else {
-             $ssl_opts{SSL_verifycn_scheme} = 'none';
+ 	$ssl_opts{SSL_verify_mode} = 0;
         }
     }
 -    if ($ssl_opts{SSL_verify_mode}) {
 +    my $suse_allows_mozilla_ca = 0;
 +    if ($suse_allows_mozilla_ca && $ssl_opts{SSL_verify_mode}) {
-         unless (exists $ssl_opts{SSL_ca_file} || exists $ssl_opts{SSL_ca_path}) {
+ 	unless (exists $ssl_opts{SSL_ca_file} || exists $ssl_opts{SSL_ca_path}) {
-             if ($Net::HTTPS::SSL_SOCKET_CLASS eq 'IO::Socket::SSL'
+ 	    eval {
-                 && defined &IO::Socket::SSL::default_ca
+ 		require Mozilla::CA;
 diff -ur LWP-Protocol-https-6.09/Makefile.PL LWP-Protocol-https-6.09_fix/Makefile.PL
 --- LWP-Protocol-https-6.09/Makefile.PL	2020-07-16 15:33:07.000000000 +0200
 +++ LWP-Protocol-https-6.09_fix/Makefile.PL	2020-10-15 15:56:08.235630479 +0200
@@ -22,7 +22,6 @@
     "IO::Socket::SSL" => "1.54",
     "LWP::Protocol::http" => 0,
     "LWP::UserAgent" => "6.06",
 -    "Mozilla::CA" => 20180117,
     "Net::HTTPS" => 6,
     "base" => 0,
     "strict" => 0
--- a/LWP-Protocol-https-6.10.tar.gz
+++ b/LWP-Protocol-https-6.10.tar.gz
--- a/LWP-Protocol-https-6.14.tar.gz
+++ b/LWP-Protocol-https-6.14.tar.gz
--- a/cpanspec.yml
+++ b/cpanspec.yml
@@ -8,6 +8,7 @@ patches:
 # patch for using system certificates
 "%{cpan_name}-6.09-systemca.diff": -p1
 # see https://github.com/libwww-perl/lwp-protocol-https/pull/14
 CVE-2014-3230.patch: -p1
 #preamble: |-
 # BuildRequires:  gcc-c++
 #post_prep: |-
--- a/perl-LWP-Protocol-https.changes
+++ b/perl-LWP-Protocol-https.changes
@@ -1,59 +1,3 @@
 -------------------------------------------------------------------
 Fri Mar 22 16:13:25 UTC 2024 - Tina Müller <timueller+perl@suse.de>
 - updated to 6.14
   see /usr/share/doc/packages/perl-LWP-Protocol-https/Changes
  6.14      2024-03-11 01:08:33Z
      - Inherit with 'use parent' instead of 'use base' (GH#78) (Marin Tsanov)
 -------------------------------------------------------------------
 Fri Mar  8 22:41:00 UTC 2024 - Tina Müller <tina.mueller@suse.com>
 - Fix disabling of __perllib_provides
 -------------------------------------------------------------------
 Tue Feb  6 03:07:22 UTC 2024 - Tina Müller <timueller+perl@suse.de>
 - updated to 6.13
   see /usr/share/doc/packages/perl-LWP-Protocol-https/Changes
  6.13      2024-02-06 01:00:50Z
      - Fix ssl upgrade for regular host names (GH#77) (Axel Burri)
  6.12      2024-01-22 17:51:31Z
      - Enable MultiHomed for IO::Socket::SSL (GH#61) (ℕicolas ℝ.)
      - Making it possible to use IPv6 in https call through https proxy
        environment (in case of using CONNECT method to create a tunnel) (GH#74)
        (Dmitriy Shamatrin)
 -------------------------------------------------------------------
 Fri Aug 11 16:36:32 UTC 2023 - Tina Müller <tina.mueller@suse.com>
 - Remove CVE-2014-3230.patch, upstream was fixed. CVE-2014-3230, Debian #746576
 -------------------------------------------------------------------
 Fri Aug 11 16:30:24 UTC 2023 - Tina Müller <tina.mueller@suse.com>
 - Update LWP-Protocol-https-6.09-systemca.diff
 -------------------------------------------------------------------
 Mon Jul 10 03:06:48 UTC 2023 - Tina Müller <timueller+perl@suse.de>
 - updated to 6.11
   see /usr/share/doc/packages/perl-LWP-Protocol-https/Changes
  6.11      2023-07-09 15:10:30Z
      - Remove Authority section from dist.ini (GH#64) (Olaf Alders)
      - Add very basic diagnostic information via test (GH#73) (Olaf Alders)
      - CVE-2014-3230 - don't disable verification if only hostnames should not
        (GH#14) (Steffen Ullrich)
      - Make explicit requirement of Mozilla::CA obsolete (GH#72) (Steffen
        Ullrich and Olaf Alders)
      - Remove _in_san and _cn_match. Empty out the _check_sock hook (GH#71)
        (Chase Whitener)
      - Use warnings (GH#69) (Pete Houston)
 -------------------------------------------------------------------
 Fri Dec 18 03:07:41 UTC 2020 - Tina Müller <timueller+perl@suse.de>
--- a/perl-LWP-Protocol-https.spec
+++ b/perl-LWP-Protocol-https.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package perl-LWP-Protocol-https
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2020 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -16,36 +16,35 @@
 #
 %define cpan_name LWP-Protocol-https
 Name:           perl-LWP-Protocol-https
-Version:        6.140.0
+Version:        6.10
 Release:        0
-# 6.14 -> normalize -> 6.140.0
+%define cpan_name LWP-Protocol-https
 %define cpan_version 6.14
 License:        Artistic-1.0 OR GPL-1.0-or-later
 Summary:        Provide https support for LWP::UserAgent
 License:        Artistic-1.0 OR GPL-1.0-or-later
 Group:          Development/Libraries/Perl
 URL:            https://metacpan.org/release/%{cpan_name}
-Source0:        https://cpan.metacpan.org/authors/id/O/OA/OALDERS/%{cpan_name}-%{cpan_version}.tar.gz
+Source0:        https://cpan.metacpan.org/authors/id/O/OA/OALDERS/%{cpan_name}-%{version}.tar.gz
 Source1:        cpanspec.yml
 Patch0:         %{cpan_name}-6.09-systemca.diff
 Patch1:         CVE-2014-3230.patch
 BuildArch:      noarch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  perl
 BuildRequires:  perl-macros
-BuildRequires:  perl(IO::Socket::SSL) >= 1.970
+BuildRequires:  perl(IO::Socket::SSL) >= 1.54
 BuildRequires:  perl(IO::Socket::SSL::Utils)
 BuildRequires:  perl(LWP::Protocol::http)
 BuildRequires:  perl(LWP::UserAgent) >= 6.06
 #BuildRequires:  perl(Mozilla::CA) >= 20180117
 BuildRequires:  perl(Net::HTTPS) >= 6
 BuildRequires:  perl(Test::More) >= 0.96
 BuildRequires:  perl(Test::Needs) >= 0.002010
 BuildRequires:  perl(Test::RequiresInternet)
-Requires:       perl(IO::Socket::SSL) >= 1.970
+Requires:       perl(IO::Socket::SSL) >= 1.54
 Requires:       perl(LWP::Protocol::http)
 Requires:       perl(LWP::UserAgent) >= 6.06
 #Requires:       perl(Mozilla::CA) >= 20180117
 Requires:       perl(Net::HTTPS) >= 6
 Provides:       perl(LWP::Protocol::https) = %{version}
 Provides:       perl(LWP::Protocol::https::Socket) = %{version}
 %undefine       __perllib_provides
 %{perl_requires}
 %description
@@ -67,11 +66,13 @@ their dependency on LWP::Protocol::https and will no longer need to know
 what underlying modules to install.
 %prep
-%autosetup  -n %{cpan_name}-%{cpan_version} -p1
+%setup -q -n %{cpan_name}-%{version}
 %patch0 -p1
 %patch1 -p1
 %build
 perl Makefile.PL INSTALLDIRS=vendor
-%make_build
+make %{?_smp_mflags}
 %check
 make test
@@ -82,6 +83,7 @@ make test
 %perl_gen_filelist
 %files -f %{name}.files
 %defattr(-,root,root,755)
 %doc Changes CONTRIBUTING.md
 %license LICENSE