From f76e24a603cc433959a981bd268effb1f7fb818f Mon Sep 17 00:00:00 2001
From: Jitka Plesnikova
Date: Thu, 19 Sep 2024 16:32:22 +0200
Subject: [PATCH] Resolves: RHEL-56520 - Patch the code to use https instead of http
---
 gating.yaml | 14 +++++++++++++-
 perl-App-cpanminus.spec | 12 +++++++++---
 plans/internal.fmf | 12 ++++++++++++
 tests/upstream-tests.fmf | 7 +++++++
 4 files changed, 41 insertions(+), 4 deletions(-)
 create mode 100644 plans/internal.fmf
diff --git a/gating.yaml b/gating.yaml
index 282e16b..da7481a 100644
--- a/gating.yaml
+++ b/gating.yaml
@@ -1,7 +1,19 @@
+# Fedora
 --- !Policy
+id: fedora_policy
 product_versions:
 - fedora-*
-decision_context: bodhi_update_push_stable
+decision_contexts:
+ - bodhi_update_push_testing
+ - bodhi_update_push_stable
 subject_type: koji_build
 rules:
 - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
+
+# RHEL
+--- !Policy
+product_versions:
+ - rhel-*
+decision_context: osci_compose_gate
+rules:
+ - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}
diff --git a/perl-App-cpanminus.spec b/perl-App-cpanminus.spec
index 0a590a6..2f5a6d7 100644
--- a/perl-App-cpanminus.spec
+++ b/perl-App-cpanminus.spec
@@ -1,6 +1,6 @@
 Name: perl-App-cpanminus
 Version: 1.7044
-Release: 14%{?dist}
+Release: 15%{?dist}
 Summary: Get, unpack, build and install CPAN modules
 # Other files: GPL+ or Artistic
 ## unbundled
@@ -134,12 +134,14 @@ with "%{_libexecdir}/%{name}/test".
 podselect lib/App/cpanminus.pm > lib/App/cpanminus.pod
 for F in bin/cpanm lib/App/cpanminus/fatscript.pm; do
+ # CVE-2024-45321 - patch to use https instead of http
+ perl -pi -E 's{http://(cpan\.cpantesters\.org|www\.cpan\.org|backpan\.perl\.org|cpan\.metacpan\.org|fastapi\.metacpan\.org|cpanmetadb\.plackperl\.org)}{https://$1}g' "$F"
 %{SOURCE1} --libdir lib --filter '^App/cpanminus' "$F" > "${F}.stripped"
 perl -c -Ilib "${F}.stripped"
 mv "${F}.stripped" "$F"
 done
-%patch0 -p1
+%patch -P0 -p1
 # Help generators to recognize Perl scripts
 for F in t/*.t; do
@@ -170,14 +172,18 @@ make test
 %license LICENSE
 %doc Changes README
 %{perl_vendorlib}/*
-%{_mandir}/man3/*
 %{_mandir}/man1/*
+%{_mandir}/man3/*
 %{_bindir}/cpanm
 %files tests
 %{_libexecdir}/%{name}
 %changelog
+* Thu Sep 19 2024 Jitka Plesnikova - 1.7044-15
+- Patch the code to use https instead of http (CVE-2024-45321)
+- Resolves: RHEL-56520
+
 * Mon Aug 09 2021 Mohan Boddu - 1.7044-14
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
 Related: rhbz#1991688
diff --git a/plans/internal.fmf b/plans/internal.fmf
new file mode 100644
index 0000000..a516946
--- /dev/null
+++ b/plans/internal.fmf
@@ -0,0 +1,12 @@
+summary: Private (RHEL) beakerlib tests
+enabled: false
+adjust:
+ - when: distro == rhel
+ enabled: true
+ because: private tests are accesible only within rhel pipline
+discover:
+ - name: rhel
+ how: fmf
+ url: https://pkgs.devel.redhat.com/git/tests/perl-App-cpanminus
+execute:
+ how: tmt
diff --git a/tests/upstream-tests.fmf b/tests/upstream-tests.fmf
index bd8df17..e135885 100644
--- a/tests/upstream-tests.fmf
+++ b/tests/upstream-tests.fmf
@@ -2,3 +2,10 @@ summary: Upstream tests
 component: perl-App-cpanminus
 require: perl-App-cpanminus-tests
 test: /usr/libexec/perl-App-cpanminus/test
+enabled: true
+tag:
+ - rhel-buildroot
+adjust:
+ - enabled: false
+ when: distro < rhel-9 or distro < centos-stream-9
+ continue: false
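Review bot: The `perl -pi -E` rewrite in the `for F in bin/cpanm ...` loop only changes the URL scheme; it protects downloads only if the HTTP backend cpanm selects at run time can speak TLS and verifies the server certificate, and nothing in this patch adds or checks that. No `Requires:` line is touched here and the dependency list is outside the visible hunks, so please confirm that `perl(IO::Socket::SSL)` and `perl(Net::SSLeay)` are pulled in and that the HTTP::Tiny in the target release verifies certificates by default (or that cpanm is given `verify_SSL => 1`). The alternation is a fixed host list, so a default endpoint added by a later rebase would stay on plain HTTP without any signal; printing what is left, e.g. `grep -n 'http://' "$F" || :` right after the substitution, makes that visible in the build log. The rewrite runs before `%patch -P0 -p1`, so Patch0 has to apply against the rewritten text if it has context on any of these lines, and a mirror passed explicitly as `--mirror http://...` is unaffected by this change. The enclosing spec section starts outside the hunk.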
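Review bot: The explanatory `because:` text in the `adjust` rule of plans/internal.fmf has two typos; suggest `because: private tests are accessible only within rhel pipeline`. The plan is disabled by default and enabled only for `distro == rhel`, which is consistent with the internal-only `discover` URL, so the logic itself needs no change.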