Resolves: RHEL-56508 - Patch the code to use https instead of http

Jitka Plesnikova 2024-09-25 14:50:27 +02:00
parent 8e50124413
commit dd146e4084
4 changed files with 43 additions and 8 deletions

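--- /dev/null
+++ b/.fmf/version
@@ -0,0 +1 @@
+1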

gating.yaml Normal file

@ -0,0 +1,19 @@
# Fedora
--- !Policy
id: fedora_policy
product_versions:
- fedora-*
decision_contexts:
- bodhi_update_push_testing
- bodhi_update_push_stable
subject_type: koji_build
rules:
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
# RHEL
--- !Policy
product_versions:
- rhel-*
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}


@ -1,20 +1,18 @@
Name: perl-App-cpanminus
Version: 1.7044
Release: 4%{?dist}
Release: 5%{?dist}
Summary: Get, unpack, build and install CPAN modules
License: GPL+ or Artistic
Group: Development/Libraries
URL: https://metacpan.org/release/App-cpanminus
Source0: https://cpan.metacpan.org/authors/id/M/MI/MIYAGAWA/App-cpanminus-%{version}.tar.gz
Source1: fatunpack
BuildArch: noarch
BuildRequires: %{_bindir}/podselect
BuildRequires: coreutils
BuildRequires: findutils
BuildRequires: make
BuildRequires: perl-interpreter
BuildRequires: perl-generators
BuildRequires: perl(ExtUtils::MakeMaker) >= 6.30
BuildRequires: perl-interpreter
BuildRequires: perl(ExtUtils::MakeMaker) >= 6.76
BuildRequires: perl(File::Path)
BuildRequires: perl(File::Spec)
BuildRequires: perl(Getopt::Long)
@ -119,18 +117,19 @@ scripting. When running, it requires only 10 MB of RAM.
podselect lib/App/cpanminus.pm > lib/App/cpanminus.pod
for F in bin/cpanm lib/App/cpanminus/fatscript.pm; do
# CVE-2024-45321 - patch to use https instead of http
perl -pi -E 's{http://(cpan\.cpantesters\.org|www\.cpan\.org|backpan\.perl\.org|cpan\.metacpan\.org|fastapi\.metacpan\.org|cpanmetadb\.plackperl\.org)}{https://$1}g' "$F"
%{SOURCE1} --libdir lib --filter '^App/cpanminus' "$F" > "${F}.stripped"
perl -c -Ilib "${F}.stripped"
mv "${F}.stripped" "$F"
done
%build
perl Makefile.PL INSTALLDIRS=vendor
perl Makefile.PL INSTALLDIRS=vendor NO_PACKLIST=1
make %{?_smp_mflags}
%install
make pure_install DESTDIR=%{buildroot}
find %{buildroot} -type f -name .packlist -delete
%{_fixperms} %{buildroot}/*
%check
@ -140,11 +139,15 @@ make test
%license LICENSE
%doc Changes README
%{perl_vendorlib}/*
%{_mandir}/man3/*
%{_mandir}/man1/*
%{_mandir}/man3/*
%{_bindir}/cpanm
%changelog
* Wed Sep 25 2024 Jitka Plesnikova <jplesnik@redhat.com> - 1.7044-5
- Patch the code to use https instead of http (CVE-2024-45321)
- Resolves: RHEL-56508
* Mon Jul 16 2018 Petr Pisar <ppisar@redhat.com> - 1.7044-4
- Require full Perl for non-duallived sub-packaged core modules
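Review bot: In the `%prep` loop the `perl -pi` substitution exits successfully even when it rewrites nothing, so a later rebase whose embedded URLs no longer match this host list would ship plain-HTTP defaults again and the CVE-2024-45321 fix would regress without a build failure. Adding a guard right after it, such as `if grep -nE 'http://[^/"]*(cpan|perl)' "$F"; then exit 1; fi`, would catch that (a bare `! grep` does not trip `sh -e`, and the pattern may need an allowlist if documentation strings match). The rewrite only helps if the HTTP client cpanm selects at run time supports TLS and verifies certificates; the visible hunks add no dependency for that, so the Requires lines outside this view should be checked. Mirrors passed explicitly with `--mirror http://...` are not affected by this substitution and remain the user's responsibility.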

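--- /dev/null
+++ b/plans/internal.fmf
@@ -0,0 +1,12 @@
+summary: Private (RHEL) beakerlib tests
+enabled: false
+adjust:
+- when: distro == rhel
+enabled: true
+because: private tests are accesible only within rhel pipline
+discover:
+- name: rhel
+how: fmf
+url: https://pkgs.devel.redhat.com/git/tests/perl-App-cpanminus
+execute:
+how: tmt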
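Review bot: The `because:` string in the `adjust` rule has two typos; it should read `because: private tests are accessible only within rhel pipeline`. The `discover` entry also names the test repository without a `ref`, so the tests that gate this security fix are whatever the default branch holds at run time. Pinning a branch or tag there would make the result reproducible, if the internal workflow allows it.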