Accepting request 1196316 from devel:languages:perl

OBS-URL: https://build.opensuse.org/request/show/1196316 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/perl-App-cpanminus?expand=0&rev=22
2024-08-27 17:39:52 +00:00 · 2024-08-27 17:39:52 +00:00 · 6b29350869
commit 6b29350869
parent 64019f3c90 a835364f8d
3 changed files with 21 additions and 8 deletions
--- a/cpanspec.yml
+++ b/cpanspec.yml
@ -82,12 +82,15 @@ preamble: |-
 Obsoletes:      cpanm <= 1.5010

 post_prep: |-
- # Unbundle fat-packed modules
- podselect lib/App/cpanminus.pm > lib/App/cpanminus.pod
+  # Unbundle fat-packed modules
+  podselect lib/App/cpanminus.pm > lib/App/cpanminus.pod

- for F in bin/cpanm lib/App/cpanminus/fatscript.pm; do
-    perl %{SOURCE1} --libdir lib --filter '^App/cpanminus' "$F" > "${F}.stripped"
-    perl -c -Ilib "${F}.stripped"
-    mv "${F}.stripped" "$F"
- done
+  # https://bugzilla.suse.com/show_bug.cgi?id=1229819 CVE-2024-45321 bsc#1229819
+  perl -pi -E 's{http://(cpan\.cpantesters\.org|www\.cpan\.org|backpan\.perl\.org|cpan\.metacpan\.org|fastapi\.metacpan\.org|cpanmetadb\.plackperl\.org)}{https://$2}g' bin/cpanm
+
+  for F in bin/cpanm lib/App/cpanminus/fatscript.pm; do
+     perl %{SOURCE1} --libdir lib --filter '^App/cpanminus' "$F" > "${F}.stripped"
+     perl -c -Ilib "${F}.stripped"
+     mv "${F}.stripped" "$F"
+  done
 #license: SUSE-NonFree
--- a/perl-App-cpanminus.changes
+++ b/perl-App-cpanminus.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue Aug 27 12:14:26 UTC 2024 - Tina Müller <tina.mueller@suse.com>
+
+- Add a patch to use https instead of http
+  https://bugzilla.suse.com/show_bug.cgi?id=1229819
+  CVE-2024-45321 bsc#1229819
+
 -------------------------------------------------------------------
 Mon Jul 31 03:06:01 UTC 2023 - Tina Müller <timueller+perl@suse.de>

--- a/perl-App-cpanminus.spec
+++ b/perl-App-cpanminus.spec
@ -1,7 +1,7 @@
 #
 # spec file for package perl-App-cpanminus
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -121,6 +121,9 @@ find . -type f ! -path "*/t/*" ! -name "*.pl" ! -path "*/bin/*" ! -path "*/scrip
 # Unbundle fat-packed modules
 podselect lib/App/cpanminus.pm > lib/App/cpanminus.pod

+# https://bugzilla.suse.com/show_bug.cgi?id=1229819 CVE-2024-45321 bsc#1229819
+perl -pi -E 's{http://(cpan\.cpantesters\.org|www\.cpan\.org|backpan\.perl\.org|cpan\.metacpan\.org|fastapi\.metacpan\.org|cpanmetadb\.plackperl\.org)}{https://$2}g' bin/cpanm
+
 for F in bin/cpanm lib/App/cpanminus/fatscript.pm; do
   perl %{SOURCE1} --libdir lib --filter '^App/cpanminus' "$F" > "${F}.stripped"
   perl -c -Ilib "${F}.stripped"