Accepting request 298707 from devel:languages:perl

- updated to 6.06 see /usr/share/doc/packages/perl-LWP-Protocol-https/Changes 2014-04-18 LWP-Protocol-https 6.06 Mike Schilli (3): Merge pull request #12 from drieux/subjectAltName Merge pull request #9 from chorny/master Updated libwww requirement to 6.06 to fix failing t/proxy.t test cases. Gisle Aas (2): Getopt::Long isn't actually used Merge pull request #7 from noxxi/master Alexandr Ciornii (1): better diagnostics in case of failures in apache.t Karen Etheridge (1): Merge pull request #8 from cpansprout/patch-1 Steffen Ullrich (1): correct behavior for https_proxy, this goes together with change to libwww-perl cb80c2ddb7, new method _upgrade_sock in LWP::Protocol::https cpansprout (1): Typo fix: envirionment =~ s/io/o/ drieux (1): support for subjectAltName OBS-URL: https://build.opensuse.org/request/show/298707 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/perl-LWP-Protocol-https?expand=0&rev=13
2015-04-25 14:46:49 +00:00 · 2015-04-25 14:46:49 +00:00 · caadfa4b5e
commit caadfa4b5e
parent d7ab5492ee ef8dde830d
7 changed files with 112 additions and 63 deletions
--- a/CVE-2014-3230.patch
+++ b/CVE-2014-3230.patch
@ -8,11 +8,11 @@ Subject: [PATCH 1/3] Debian #746576 - don't disale verification if only
 lib/LWP/Protocol/https.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

-Index: LWP-Protocol-https-6.04/lib/LWP/Protocol/https.pm
+Index: LWP-Protocol-https-6.06/lib/LWP/Protocol/https.pm
 ===================================================================
--- LWP-Protocol-https-6.04.orig/lib/LWP/Protocol/https.pm	2014-05-15 11:46:54.319643759 +0200
-+++ LWP-Protocol-https-6.04/lib/LWP/Protocol/https.pm	2014-05-15 11:46:55.856660773 +0200
-@@ -20,7 +20,11 @@ sub _extra_sock_opts
+--- LWP-Protocol-https-6.06.orig/lib/LWP/Protocol/https.pm
+++ LWP-Protocol-https-6.06/lib/LWP/Protocol/https.pm
+@@ -21,7 +21,11 @@ sub _extra_sock_opts
 	$ssl_opts{SSL_verifycn_scheme} = 'www';
     }
     else {
@ -23,5 +23,18 @@ Index: LWP-Protocol-https-6.04/lib/LWP/Protocol/https.pm
 +	    $ssl_opts{SSL_verifycn_scheme} = 'none';
 +	}
     }
-     $self->{ssl_opts} = \%ssl_opts;
-     return (%ssl_opts, $self->SUPER::_extra_sock_opts);
+     my $suse_allows_mozilla_ca = 0;
+     if ($suse_allows_mozilla_ca && $ssl_opts{SSL_verify_mode}) {
+Index: LWP-Protocol-https-6.06/t/https_proxy.t
+===================================================================
+--- LWP-Protocol-https-6.06.orig/t/https_proxy.t
+++ LWP-Protocol-https-6.06/t/https_proxy.t
+@@ -66,7 +66,7 @@ my %ua;
+ $ua{noproxy} = LWP::UserAgent->new(
+     keep_alive => 10, # size of connection cache
+     # server does not know the expected name and returns generic certificate
+-    ssl_opts => { verify_hostname => 0 }
+    ssl_opts => { verify_hostname => 0, SSL_ca_file => $cafile, }
+ );
+ 
+ $ua{proxy} = LWP::UserAgent->new(
--- a/LWP-Protocol-https-6.04-systemca.diff
+++ b/LWP-Protocol-https-6.04-systemca.diff
@ -11,37 +11,37 @@ CA-certificates if no options are passed.
 lib/LWP/Protocol/https.pm | 23 -----------------------
 3 files changed, 1 insertion(+), 32 deletions(-)

-diff --git a/Makefile.PL b/Makefile.PL
-index 805eac8..3c66fb7 100644
--- a/Makefile.PL
-+++ b/Makefile.PL
+Index: LWP-Protocol-https-6.06/Makefile.PL
+===================================================================
+--- LWP-Protocol-https-6.06.orig/Makefile.PL
+++ LWP-Protocol-https-6.06/Makefile.PL
@@ -15,7 +15,6 @@ WriteMakefile(
- 	'LWP::UserAgent' => '6.04',
+ 	'LWP::UserAgent' => '6.06',
 	'Net::HTTPS' => 6,
 	'IO::Socket::SSL' => "1.54",
 -	'Mozilla::CA' => "20110101",
     },
     META_MERGE => {
 	resources => {
-diff --git a/README b/README
-index 8e67078..7c4b5e2 100644
--- a/README
-+++ b/README
-@@ -13,13 +13,6 @@ DESCRIPTION
+Index: LWP-Protocol-https-6.06/README
+===================================================================
+--- LWP-Protocol-https-6.06.orig/README
+++ LWP-Protocol-https-6.06/README
+@@ -17,13 +17,6 @@ DESCRIPTION
     you don't use it directly. Once the module is installed LWP is able to
     access sites using HTTP over SSL/TLS.
 
-    If hostname verification is requested by LWP::UserAgent's `ssl_opts',
-    and neither `SSL_ca_file' nor `SSL_ca_path' is set, then `SSL_ca_file'
+-    If hostname verification is requested by LWP::UserAgent's "ssl_opts",
+-    and neither "SSL_ca_file" nor "SSL_ca_path" is set, then "SSL_ca_file"
 -    is implied to be the one provided by Mozilla::CA. If the Mozilla::CA
 -    module isn't available SSL requests will fail. Either install this
-    module, set up an alternative `SSL_ca_file' or disable hostname
+-    module, set up an alternative "SSL_ca_file" or disable hostname
 -    verification.
 -
     This module used to be bundled with the libwww-perl, but it was
     unbundled in v6.02 in order to be able to declare its dependencies
     properly for the CPAN tool-chain. Applications that need https support
-@@ -27,7 +20,7 @@ DESCRIPTION
+@@ -31,7 +24,7 @@ DESCRIPTION
     longer need to know what underlying modules to install.
 
 SEE ALSO
@ -50,40 +50,17 @@ index 8e67078..7c4b5e2 100644
 
 COPYRIGHT
     Copyright 1997-2011 Gisle Aas.
-diff --git a/lib/LWP/Protocol/https.pm b/lib/LWP/Protocol/https.pm
-index f7230e2..e210049 100644
--- a/lib/LWP/Protocol/https.pm
-+++ b/lib/LWP/Protocol/https.pm
-@@ -22,29 +22,6 @@ sub _extra_sock_opts
+Index: LWP-Protocol-https-6.06/lib/LWP/Protocol/https.pm
+===================================================================
+--- LWP-Protocol-https-6.06.orig/lib/LWP/Protocol/https.pm
+++ LWP-Protocol-https-6.06/lib/LWP/Protocol/https.pm
+@@ -23,7 +23,8 @@ sub _extra_sock_opts
     else {
 	$ssl_opts{SSL_verify_mode} = 0;
     }
 -    if ($ssl_opts{SSL_verify_mode}) {
-	unless (exists $ssl_opts{SSL_ca_file} || exists $ssl_opts{SSL_ca_path}) {
-	    eval {
-		require Mozilla::CA;
-	    };
-	    if ($@) {
-		if ($@ =! /^Can't locate Mozilla\/CA\.pm/) {
-		    $@ = <<'EOT';
-Can't verify SSL peers without knowing which Certificate Authorities to trust
-
-This problem can be fixed by either setting the PERL_LWP_SSL_CA_FILE
-envirionment variable or by installing the Mozilla::CA module.
-
-To disable verification of SSL peers set the PERL_LWP_SSL_VERIFY_HOSTNAME
-envirionment variable to 0.  If you do this you can't be sure that you
-communicate with the expected peer.
-EOT
-		}
-		die $@;
-	    }
-	    $ssl_opts{SSL_ca_file} = Mozilla::CA::SSL_ca_file();
-	}
-    }
-     $self->{ssl_opts} = \%ssl_opts;
-     return (%ssl_opts, $self->SUPER::_extra_sock_opts);
- }
-- 
-1.8.1.4
-
+    my $suse_allows_mozilla_ca = 0;
+    if ($suse_allows_mozilla_ca && $ssl_opts{SSL_verify_mode}) {
+ 	unless (exists $ssl_opts{SSL_ca_file} || exists $ssl_opts{SSL_ca_path}) {
+ 	    eval {
+ 		require Mozilla::CA;
--- a/LWP-Protocol-https-6.04.tar.gz
+++ b/LWP-Protocol-https-6.04.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:1ef67750ee363525cf729b59afde805ac4dc80eaf8d36ca01082a4d78a7af629
-size 4035
--- a/LWP-Protocol-https-6.06.tar.gz
+++ b/LWP-Protocol-https-6.06.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b86c83cc1dcf4a6f84e2fbe32f9c39591a36e6e418af00533505f3452496adef
+size 8376
--- a/cpanspec.yml
+++ b/cpanspec.yml
@ -0,0 +1,23 @@
+---
+#description_paragraphs: 3
+#no_testing: broken upstream
+#sources:
+#  - source1
+#  - source2
+patches:
+ # patch for using system certificates
+ "%{cpan_name}-6.04-systemca.diff": -p1
+ # see https://github.com/libwww-perl/lwp-protocol-https/pull/14
+ CVE-2014-3230.patch: -p1
+#preamble: |-
+# BuildRequires:  gcc-c++
+#post_prep: |-
+# hunspell=`pkg-config --libs hunspell | sed -e 's,-l,,; s,  *,,g'`
+# sed -i -e "s,hunspell-X,$hunspell," t/00-prereq.t Makefile.PL 
+#post_install: |-
+# sed on %{name}.files
+#license: SUSE-NonFree
+#skip_noarch: 1
+#custom_build: -
+#./Build build flags=%{?_smp_mflags} --myflag
+ignore_requires: Mozilla::CA
--- a/perl-LWP-Protocol-https.changes
+++ b/perl-LWP-Protocol-https.changes
@ -1,3 +1,39 @@
+-------------------------------------------------------------------
+Thu Apr 23 06:00:03 UTC 2015 - coolo@suse.com
+
+- updated to 6.06
+   see /usr/share/doc/packages/perl-LWP-Protocol-https/Changes
+
+  2014-04-18 LWP-Protocol-https 6.06
+  
+  Mike Schilli (3):
+        Merge pull request #12 from drieux/subjectAltName
+        Merge pull request #9 from chorny/master
+        Updated libwww requirement to 6.06 to fix failing t/proxy.t test cases.
+  
+  Gisle Aas (2):
+        Getopt::Long isn't actually used
+        Merge pull request #7 from noxxi/master
+  
+  Alexandr Ciornii (1):
+        better diagnostics in case of failures in apache.t
+  
+  Karen Etheridge (1):
+        Merge pull request #8 from cpansprout/patch-1
+  
+  Steffen Ullrich (1):
+        correct behavior for https_proxy, this goes together with change to 
+        libwww-perl cb80c2ddb7, new method _upgrade_sock in LWP::Protocol::https
+  
+  cpansprout (1):
+        Typo fix: envirionment =~ s/io/o/
+  
+  drieux (1):
+        support for subjectAltName
+  
+  
+  _______________________________________________________________________________
+
 -------------------------------------------------------------------
 Thu May 15 09:39:07 UTC 2014 - vcizek@suse.com

--- a/perl-LWP-Protocol-https.spec
+++ b/perl-LWP-Protocol-https.spec
@ -1,7 +1,7 @@
 #
 # spec file for package perl-LWP-Protocol-https
 #
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -17,15 +17,15 @@


 Name:           perl-LWP-Protocol-https
-Version:        6.04
+Version:        6.06
 Release:        0
 %define cpan_name LWP-Protocol-https
 Summary:        Provide https support for LWP::UserAgent
 License:        Artistic-1.0 or GPL-1.0+
 Group:          Development/Libraries/Perl
 Url:            http://search.cpan.org/dist/LWP-Protocol-https/
-Source:         http://www.cpan.org/authors/id/G/GA/GAAS/%{cpan_name}-%{version}.tar.gz
-# patch for using system certificates
+Source0:        http://www.cpan.org/authors/id/M/MS/MSCHILLI/%{cpan_name}-%{version}.tar.gz
+Source1:        cpanspec.yml
 Patch0:         %{cpan_name}-6.04-systemca.diff
 Patch1:         CVE-2014-3230.patch
 BuildArch:      noarch
@ -33,14 +33,14 @@ BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  perl
 BuildRequires:  perl-macros
 BuildRequires:  perl(IO::Socket::SSL) >= 1.54
-BuildRequires:  perl(LWP::UserAgent) >= 6.04
+BuildRequires:  perl(LWP::UserAgent) >= 6.06
 #BuildRequires:  perl(Mozilla::CA) >= 20110101
 BuildRequires:  perl(Net::HTTPS) >= 6
-#BuildRequires: perl(LWP::Protocol::http)
 Requires:       perl(IO::Socket::SSL) >= 1.54
-Requires:       perl(LWP::UserAgent) >= 6.04
+Requires:       perl(LWP::UserAgent) >= 6.06
 #Requires:       perl(Mozilla::CA) >= 20110101
 Requires:       perl(Net::HTTPS) >= 6
+BuildRequires:  ca-certificates
 %{perl_requires}

 %description