Resolves: RHEL-56520 - Patch the code to use https instead of http

2024-09-19 16:32:22 +02:00 · 2024-09-19 16:32:22 +02:00 · f76e24a603
commit f76e24a603
parent 73f531c65f
4 changed files with 41 additions and 4 deletions
--- a/gating.yaml
+++ b/gating.yaml
@ -1,7 +1,19 @@
+# Fedora
 --- !Policy
+id: fedora_policy
 product_versions:
  - fedora-*
-decision_context: bodhi_update_push_stable
+decision_contexts:
+  - bodhi_update_push_testing
+  - bodhi_update_push_stable
 subject_type: koji_build
 rules:
  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
+
+# RHEL
+--- !Policy
+product_versions:
+  - rhel-*
+decision_context: osci_compose_gate
+rules:
+  - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}
--- a/perl-App-cpanminus.spec
+++ b/perl-App-cpanminus.spec
@ -1,6 +1,6 @@
 Name:           perl-App-cpanminus
 Version:        1.7044
-Release:        14%{?dist}
+Release:        15%{?dist}
 Summary:        Get, unpack, build and install CPAN modules
 # Other files:  GPL+ or Artistic
 ## unbundled
@ -134,12 +134,14 @@ with "%{_libexecdir}/%{name}/test".
 podselect lib/App/cpanminus.pm > lib/App/cpanminus.pod

 for F in bin/cpanm lib/App/cpanminus/fatscript.pm; do
+    # CVE-2024-45321 - patch to use https instead of http
+    perl -pi -E 's{http://(cpan\.cpantesters\.org|www\.cpan\.org|backpan\.perl\.org|cpan\.metacpan\.org|fastapi\.metacpan\.org|cpanmetadb\.plackperl\.org)}{https://$1}g' "$F"
    %{SOURCE1} --libdir lib --filter '^App/cpanminus' "$F" > "${F}.stripped"
    perl -c -Ilib "${F}.stripped"
    mv "${F}.stripped" "$F"
 done

-%patch0 -p1
+%patch -P0 -p1

 # Help generators to recognize Perl scripts
 for F in t/*.t; do
@ -170,14 +172,18 @@ make test
 %license LICENSE
 %doc Changes README
 %{perl_vendorlib}/*
-%{_mandir}/man3/*
 %{_mandir}/man1/*
+%{_mandir}/man3/*
 %{_bindir}/cpanm

 %files tests
 %{_libexecdir}/%{name}

 %changelog
+* Thu Sep 19 2024 Jitka Plesnikova <jplesnik@redhat.com> - 1.7044-15
+- Patch the code to use https instead of http (CVE-2024-45321)
+- Resolves: RHEL-56520
+
 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.7044-14
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
  Related: rhbz#1991688
--- a/plans/internal.fmf
+++ b/plans/internal.fmf
@ -0,0 +1,12 @@
+summary: Private (RHEL) beakerlib tests
+enabled: false
+adjust:
+  - when: distro == rhel
+    enabled: true
+    because: private tests are accesible only within rhel pipline
+discover:
+  - name: rhel
+    how: fmf
+    url: https://pkgs.devel.redhat.com/git/tests/perl-App-cpanminus
+execute:
+    how: tmt
--- a/tests/upstream-tests.fmf
+++ b/tests/upstream-tests.fmf
@ -2,3 +2,10 @@ summary: Upstream tests
 component: perl-App-cpanminus
 require: perl-App-cpanminus-tests
 test: /usr/libexec/perl-App-cpanminus/test
+enabled: true
+tag:
+  - rhel-buildroot
+adjust:
+  - enabled: false
+    when: distro < rhel-9 or distro < centos-stream-9
+    continue: false