From 800fff552247c1b053dcf0c6ad75465221b464fcfe6e681389627d182112bc8a Mon Sep 17 00:00:00 2001
From: Stephan Barth
Date: Thu, 15 May 2014 10:43:41 +0000
Subject: [PATCH] Accepting request 234145 from home:vitezslav_cizek:branches:devel:languages:perl
- fix for CVE-2014-3230 (bnc#876862)
 * perl-LWP-Protocol-https: Environment variables HTTPS_CA_DIR or HTTPS_CA_FILE disable hostname verification
 * added CVE-2014-3230.patch
OBS-URL: https://build.opensuse.org/request/show/234145
OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl-LWP-Protocol-https?expand=0&rev=10
---
 CVE-2014-3230.patch | 27 +++++++++++++++++++++++++++
 perl-LWP-Protocol-https.changes | 8 ++++++++
 perl-LWP-Protocol-https.spec | 4 +++-
 3 files changed, 38 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2014-3230.patch
diff --git a/CVE-2014-3230.patch b/CVE-2014-3230.patch
new file mode 100644
index 0000000..56e9548
--- /dev/null
+++ b/CVE-2014-3230.patch
@@ -0,0 +1,27 @@
+From 1b924708663f457a4f7c25ed35d7dfb3bb5b334d Mon Sep 17 00:00:00 2001
+From: Steffen Ullrich
+Date: Sat, 3 May 2014 23:04:36 +0200
+Subject: [PATCH 1/3] Debian #746576 - don't disale verification if only
+ hostnames should not be verified
+
+---
+ lib/LWP/Protocol/https.pm | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: LWP-Protocol-https-6.04/lib/LWP/Protocol/https.pm
+===================================================================
+--- LWP-Protocol-https-6.04.orig/lib/LWP/Protocol/https.pm 2014-05-15 11:46:54.319643759 +0200
++++ LWP-Protocol-https-6.04/lib/LWP/Protocol/https.pm 2014-05-15 11:46:55.856660773 +0200
+@@ -20,7 +20,11 @@ sub _extra_sock_opts
+ $ssl_opts{SSL_verifycn_scheme} = 'www';
+ }
+ else {
+- $ssl_opts{SSL_verify_mode} = 0;
++ if ( $Net::HTTPS::SSL_SOCKET_CLASS eq 'Net::SSL' ) {
++ $ssl_opts{SSL_verifycn_scheme} = '';
++ } else {
++ $ssl_opts{SSL_verifycn_scheme} = 'none';
++ }
+ }
+ $self->{ssl_opts} = \%ssl_opts;
+ return (%ssl_opts, $self->SUPER::_extra_sock_opts);
diff --git a/perl-LWP-Protocol-https.changes b/perl-LWP-Protocol-https.changes
index 9748448..43e8575 100644
--- a/perl-LWP-Protocol-https.changes
+++ b/perl-LWP-Protocol-https.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Thu May 15 09:39:07 UTC 2014 - vcizek@suse.com
+
+- fix for CVE-2014-3230 (bnc#876862)
+ * perl-LWP-Protocol-https: Environment variables HTTPS_CA_DIR or
+ HTTPS_CA_FILE disable hostname verification
+ * added CVE-2014-3230.patch
+
 -------------------------------------------------------------------
 Wed Apr 30 17:23:34 UTC 2014 - lchiquitto@suse.com

diff --git a/perl-LWP-Protocol-https.spec b/perl-LWP-Protocol-https.spec
index 17ff9b7..8f59b3f 100644
--- a/perl-LWP-Protocol-https.spec
+++ b/perl-LWP-Protocol-https.spec
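Review bot: The `else` branch added to `_extra_sock_opts` in CVE-2014-3230.patch carries no comment, and after this change it no longer assigns `SSL_verify_mode` at all, so whether the certificate chain is checked now depends on a value set in `%ssl_opts` before the hunk (not visible here) or, presumably, on the socket class's default. I would put `# hostname check off: disable only the name match, leave SSL_verify_mode as the caller set it` above the inner `if`, plus a line saying why `Net::SSL` gets `''` and every other socket class gets `'none'`. Code that used the hostname switch to turn off verification entirely gets different behaviour from this patch, which the .changes entry could state so that the choice is made explicitly. No test accompanies the change; one asserting that `SSL_verify_mode` survives this branch unchanged would guard against a regression. The body of `_extra_sock_opts` starts and ends outside the hunk.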
@@ -25,8 +25,9 @@ License: Artistic-1.0 or GPL-1.0+
 Group: Development/Libraries/Perl
 Url: http://search.cpan.org/dist/LWP-Protocol-https/
 Source: http://www.cpan.org/authors/id/G/GA/GAAS/%{cpan_name}-%{version}.tar.gz
-# patch for using system certificates
+# patch for using system certificates
 Patch0: %{cpan_name}-6.04-systemca.diff
+Patch1: CVE-2014-3230.patch
 BuildArch: noarch
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 BuildRequires: perl
@@ -63,6 +64,7 @@ what underlying modules to install.
 %prep
 %setup -q -n %{cpan_name}-%{version}
 %patch0 -p1
+%patch1 -p1

 %build
 %{__perl} Makefile.PL INSTALLDIRS=vendor