From 9bcded9c664462c820ccd15313524c537f761f8a Mon Sep 17 00:00:00 2001 From: Jitka Plesnikova Date: Tue, 24 Sep 2024 08:06:07 +0200 Subject: [PATCH] Resolves: RHEL-56507 - Patch the code to use https instead of http --- gating.yaml | 6 +++++- perl-App-cpanminus.spec | 8 +++++++- plans/internal.fmf | 12 ++++++++++++ 3 files changed, 24 insertions(+), 2 deletions(-) create mode 100644 plans/internal.fmf diff --git a/gating.yaml b/gating.yaml index 24a0379..da7481a 100644 --- a/gating.yaml +++ b/gating.yaml @@ -1,7 +1,11 @@ +# Fedora --- !Policy +id: fedora_policy product_versions: - fedora-* -decision_context: bodhi_update_push_stable +decision_contexts: + - bodhi_update_push_testing + - bodhi_update_push_stable subject_type: koji_build rules: - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional} diff --git a/perl-App-cpanminus.spec b/perl-App-cpanminus.spec index 394056a..c63ec47 100644 --- a/perl-App-cpanminus.spec +++ b/perl-App-cpanminus.spec @@ -1,6 +1,6 @@ Name: perl-App-cpanminus Version: 1.7047 -Release: 4%{?dist} +Release: 5%{?dist} Summary: Get, unpack, build and install CPAN modules # Other files: GPL+ or Artistic ## unbundled @@ -133,6 +133,8 @@ with "%{_libexecdir}/%{name}/test". podselect lib/App/cpanminus.pm > lib/App/cpanminus.pod for F in bin/cpanm lib/App/cpanminus/fatscript.pm; do + # CVE-2024-45321 - patch to use https instead of http + perl -pi -E 's{http://(cpan\.cpantesters\.org|www\.cpan\.org|backpan\.perl\.org|cpan\.metacpan\.org|fastapi\.metacpan\.org|cpanmetadb\.plackperl\.org)}{https://$1}g' "$F" %{SOURCE1} --libdir lib --filter '^App/cpanminus' "$F" > "${F}.stripped" perl -c -Ilib "${F}.stripped" mv "${F}.stripped" "$F" @@ -177,6 +179,10 @@ make test %{_libexecdir}/%{name} %changelog +* Mon Sep 23 2024 Jitka Plesnikova - 1.7047-5 +- Patch the code to use https instead of http (CVE-2024-45321) +- Resolves: RHEL-56507 + * Mon Jun 24 2024 Troy Dawson - 1.7047-4 - Bump release for June 2024 mass rebuild 
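Review bot: The `perl -pi` rewrite added inside the `for F in bin/cpanm lib/App/cpanminus/fatscript.pm` loop covers only the six hosts in its alternation and exits successfully whatever it matches, so an `http://` endpoint that a later upstream release adds or spells differently would ship unnoticed and CVE-2024-45321 would quietly reopen on a rebase. I would list what is left for the packager to review, e.g. `grep -n 'http://' "$F" || :` right after the substitution, and extend the comment to `# CVE-2024-45321 - patch to use https instead of http; re-audit this host list on every version bump`. The rewritten defaults also need a TLS-capable download backend at run time; whether the spec already requires one (for HTTP::Tiny that means IO::Socket::SSL and Net::SSLeay) is not visible in this hunk and is worth confirming, along with certificate verification being enabled in that backend. A mirror that the user passes explicitly as `http://` is not affected by this substitution. The loop body continues past the end of the hunk.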
diff --git a/plans/internal.fmf b/plans/internal.fmf
new file mode 100644
index 0000000..a516946
--- /dev/null
+++ b/plans/internal.fmf
@@ -0,0 +1,12 @@
+summary: Private (RHEL) beakerlib tests
+enabled: false
+adjust:
+ - when: distro == rhel
+ enabled: true
+ because: private tests are accesible only within rhel pipline
+discover:
+ - name: rhel
+ how: fmf
+ url: https://pkgs.devel.redhat.com/git/tests/perl-App-cpanminus
+execute:
+ how: tmt
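Review bot: The `because:` string in the `adjust` rule has two typos and should read `because: private tests are accessible only within rhel pipeline`. The `discover` step names only a `url`, so the plan presumably runs whatever the test repository's default branch holds at gating time; if reproducible gating results matter here, adding a `ref:` key to that step would pin the revision.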