From dd146e4084318dbb76b080e1bc5ad87d0c42efee Mon Sep 17 00:00:00 2001
From: Jitka Plesnikova
Date: Wed, 25 Sep 2024 14:50:27 +0200
Subject: [PATCH] Resolves: RHEL-56508 - Patch the code to use https instead of http
---
 .fmf/version | 1 +
 gating.yaml | 19 +++++++++++++++++++
 perl-App-cpanminus.spec | 19 +++++++++++--------
 plans/internal.fmf | 12 ++++++++++++
 4 files changed, 43 insertions(+), 8 deletions(-)
 create mode 100644 .fmf/version
 create mode 100644 gating.yaml
 create mode 100644 plans/internal.fmf
diff --git a/.fmf/version b/.fmf/version
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/.fmf/version
@@ -0,0 +1 @@
+1
diff --git a/gating.yaml b/gating.yaml
new file mode 100644
index 0000000..da7481a
--- /dev/null
+++ b/gating.yaml
@@ -0,0 +1,19 @@
+# Fedora
+--- !Policy
+id: fedora_policy
+product_versions:
+ - fedora-*
+decision_contexts:
+ - bodhi_update_push_testing
+ - bodhi_update_push_stable
+subject_type: koji_build
+rules:
+ - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
+
+# RHEL
+--- !Policy
+product_versions:
+ - rhel-*
+decision_context: osci_compose_gate
+rules:
+ - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}
diff --git a/perl-App-cpanminus.spec b/perl-App-cpanminus.spec
index c32cc41..5c36856 100644
--- a/perl-App-cpanminus.spec
+++ b/perl-App-cpanminus.spec
@@ -1,20 +1,18 @@
 Name: perl-App-cpanminus
 Version: 1.7044
-Release: 4%{?dist}
+Release: 5%{?dist}
 Summary: Get, unpack, build and install CPAN modules
 License: GPL+ or Artistic
-Group: Development/Libraries
 URL: https://metacpan.org/release/App-cpanminus
 Source0: https://cpan.metacpan.org/authors/id/M/MI/MIYAGAWA/App-cpanminus-%{version}.tar.gz
 Source1: fatunpack
 BuildArch: noarch
 BuildRequires: %{_bindir}/podselect
 BuildRequires: coreutils
-BuildRequires: findutils
 BuildRequires: make
-BuildRequires: perl-interpreter
 BuildRequires: perl-generators
-BuildRequires: perl(ExtUtils::MakeMaker) >= 6.30
+BuildRequires: perl-interpreter
+BuildRequires: perl(ExtUtils::MakeMaker) >= 6.76
 BuildRequires: perl(File::Path)
 BuildRequires: perl(File::Spec)
 BuildRequires: perl(Getopt::Long)
@@ -119,18 +117,19 @@ scripting. When running, it requires only 10 MB of RAM.
 podselect lib/App/cpanminus.pm > lib/App/cpanminus.pod
 for F in bin/cpanm lib/App/cpanminus/fatscript.pm; do
+ # CVE-2024-45321 - patch to use https instead of http
+ perl -pi -E 's{http://(cpan\.cpantesters\.org|www\.cpan\.org|backpan\.perl\.org|cpan\.metacpan\.org|fastapi\.metacpan\.org|cpanmetadb\.plackperl\.org)}{https://$1}g' "$F"
 %{SOURCE1} --libdir lib --filter '^App/cpanminus' "$F" > "${F}.stripped"
 perl -c -Ilib "${F}.stripped"
 mv "${F}.stripped" "$F"
 done
 %build
-perl Makefile.PL INSTALLDIRS=vendor
+perl Makefile.PL INSTALLDIRS=vendor NO_PACKLIST=1
 make %{?_smp_mflags}
 %install
 make pure_install DESTDIR=%{buildroot}
-find %{buildroot} -type f -name .packlist -delete
 %{_fixperms} %{buildroot}/*
 %check
@@ -140,11 +139,15 @@ make test
 %license LICENSE
 %doc Changes README
 %{perl_vendorlib}/*
-%{_mandir}/man3/*
 %{_mandir}/man1/*
+%{_mandir}/man3/*
 %{_bindir}/cpanm
 %changelog
+* Wed Sep 25 2024 Jitka Plesnikova - 1.7044-5
+- Patch the code to use https instead of http (CVE-2024-45321)
+- Resolves: RHEL-56508
+
 * Mon Jul 16 2018 Petr Pisar - 1.7044-4
 - Require full Perl for non-duallived sub-packaged core modules
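Review bot: In the `@@ -119,18 +117,19 @@` hunk, the added `perl -pi -E 's{http://(…)}{https://$1}g' "$F"` succeeds even when it rewrites nothing, so a future rebase whose sources spell these URLs differently would silently drop the CVE-2024-45321 mitigation while the build stays green. Counting the substitutions and failing on zero closes that gap: `perl -pi -E '$n += s{http://(…)}{https://$1}g; END { $? = 1 unless $n }' "$F"`, with the same host alternation. The rewrite is also limited to the six listed hosts, so any other `http://` endpoint in the two files keeps plain HTTP; a short comment next to the CVE line stating that the list is meant to be exhaustive for this release would help the next maintainer. Whether the runtime dependencies guarantee a TLS-capable, certificate-verifying HTTP backend is not visible here, since the `Requires:` lines and the start of `%prep` lie outside the hunk.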
diff --git a/plans/internal.fmf b/plans/internal.fmf
new file mode 100644
index 0000000..a516946
--- /dev/null
+++ b/plans/internal.fmf
@@ -0,0 +1,12 @@
+summary: Private (RHEL) beakerlib tests
+enabled: false
+adjust:
+ - when: distro == rhel
+ enabled: true
+ because: private tests are accesible only within rhel pipline
+discover:
+ - name: rhel
+ how: fmf
+ url: https://pkgs.devel.redhat.com/git/tests/perl-App-cpanminus
+execute:
+ how: tmt
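Review bot: The `because:` text in the `adjust` rule misspells two words; `because: private tests are accessible only within rhel pipeline` reads correctly. The `discover` step also names the test repository by `url` alone, so the plan presumably runs whatever the default branch holds at gating time. Adding a `ref:` key under the same `discover` entry is worth considering if reproducible gating results matter for this package.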