SOURCES/App-cpanminus-1.7044-SHA1-SHA256-in-checksum-chat.patch

@@ -0,0 +1,32 @@
+From 215c69b180f8de546c5965c37950d67c6cd8dc33 Mon Sep 17 00:00:00 2001
+From: Stig Palmquist <stig@stig.io>
+Date: Tue, 9 Mar 2021 09:29:43 +0100
+Subject: [PATCH] SHA1 -> SHA256 in checksum chat()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Petr Pisar: Ported from 2c24e534bbd1b843233dda3d66650645883f70a2
+commit in upstream devel branch.
+
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+---
+ lib/App/cpanminus/script.pm | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/App/cpanminus/script.pm b/lib/App/cpanminus/script.pm
+index 1b26b5d..af44442 100644
+--- a/lib/App/cpanminus/script.pm
++++ b/lib/App/cpanminus/script.pm
+@@ -1637,7 +1637,7 @@ sub verify_archive {
+ sub verify_checksum {
+     my($self, $file, $chk_file) = @_;
+ 
+-    $self->chat("Verifying the SHA1 for $file\n");
++    $self->chat("Verifying the SHA256 for $file\n");
+ 
+     open my $fh, "<$chk_file" or die "$chk_file: $!";
+     my $data = join '', <$fh>;
+-- 
+2.26.2
+

SPECS/perl-App-cpanminus.spec

@@ -1,20 +1,26 @@
 Name:           perl-App-cpanminus
 Version:        1.7044
-Release:        5%{?dist}
+Release:        15%{?dist}
 Summary:        Get, unpack, build and install CPAN modules
+# Other files:  GPL+ or Artistic
+## unbundled
+# lib/App/cpanminus/fatscript.pm:   File::pushd:    ASL 2.0
+## at build-time only
+# fatunpack:    GPL+
 License:        GPL+ or Artistic
-Group:          Development/Libraries
 URL:            https://metacpan.org/release/App-cpanminus
 Source0:        https://cpan.metacpan.org/authors/id/M/MI/MIYAGAWA/App-cpanminus-%{version}.tar.gz
 Source1:        fatunpack
+# Correct an SHA version in a message, in upstream's devel branch,
+# <https://github.com/miyagawa/cpanminus/pull/617>
+Patch0:         App-cpanminus-1.7044-SHA1-SHA256-in-checksum-chat.patch
 BuildArch:      noarch
 BuildRequires:  %{_bindir}/podselect
 BuildRequires:  coreutils
-BuildRequires:  findutils
 BuildRequires:  make
-BuildRequires:  perl-interpreter
 BuildRequires:  perl-generators
-BuildRequires:  perl(ExtUtils::MakeMaker) >= 6.30
+BuildRequires:  perl-interpreter
+BuildRequires:  perl(ExtUtils::MakeMaker) >= 6.76
 BuildRequires:  perl(File::Path)
 BuildRequires:  perl(File::Spec)
 BuildRequires:  perl(Getopt::Long)
@@ -113,25 +119,51 @@ Why? It's dependency free, requires zero configuration, and stands alone
 but it's maintainable and extensible with plug-ins and friendly to shell 
 scripting. When running, it requires only 10 MB of RAM.
 
+%package tests
+Summary:        Tests for %{name}
+Requires:       %{name} = %{?epoch:%{epoch}:}%{version}-%{release}
+Requires:       perl-Test-Harness
+
+%description tests
+Tests from %{name}. Execute them
+with "%{_libexecdir}/%{name}/test".
+
 %prep
 %setup -q -n App-cpanminus-%{version}
 # Unbundle fat-packed modules
 podselect lib/App/cpanminus.pm > lib/App/cpanminus.pod
 
 for F in bin/cpanm lib/App/cpanminus/fatscript.pm; do
+    # CVE-2024-45321 - patch to use https instead of http
+    perl -pi -E 's{http://(cpan\.cpantesters\.org|www\.cpan\.org|backpan\.perl\.org|cpan\.metacpan\.org|fastapi\.metacpan\.org|cpanmetadb\.plackperl\.org)}{https://$1}g' "$F"
     %{SOURCE1} --libdir lib --filter '^App/cpanminus' "$F" > "${F}.stripped"
     perl -c -Ilib "${F}.stripped"
     mv "${F}.stripped" "$F"
 done
 
+%patch -P0 -p1
+
+# Help generators to recognize Perl scripts
+for F in t/*.t; do
+    perl -i -MConfig -ple 'print $Config{startperl} if $. == 1' "$F"
+    chmod +x "$F"
+done
+
 %build
-perl Makefile.PL INSTALLDIRS=vendor
-make %{?_smp_mflags}
+perl Makefile.PL INSTALLDIRS=vendor NO_PACKLIST=1 NO_PERLLOCAL=1
+%{make_build}
 
 %install
-make pure_install DESTDIR=%{buildroot}
-find %{buildroot} -type f -name .packlist -delete
+%{make_install}
 %{_fixperms} %{buildroot}/*
+# Install tests
+mkdir -p %{buildroot}%{_libexecdir}/%{name}
+cp -a t %{buildroot}%{_libexecdir}/%{name}
+cat > %{buildroot}%{_libexecdir}/%{name}/test << 'EOF'
+#!/bin/bash
+cd %{_libexecdir}/%{name} && exec prove -I . -j "$(getconf _NPROCESSORS_ONLN)"
+EOF
+chmod +x %{buildroot}%{_libexecdir}/%{name}/test
 
 %check
 make test
@@ -140,13 +172,49 @@ make test
 %license LICENSE
 %doc Changes README
 %{perl_vendorlib}/*
-%{_mandir}/man3/*
 %{_mandir}/man1/*
+%{_mandir}/man3/*
 %{_bindir}/cpanm
 
+%files tests
+%{_libexecdir}/%{name}
+
 %changelog
-* Fri Mar 29 2019 Jitka Plesnikova <jplesnik@redhat.com> - 1.7044-5
-- Rebuild with enable hardening (bug #1636329)
+* Thu Sep 19 2024 Jitka Plesnikova <jplesnik@redhat.com> - 1.7044-15
+- Patch the code to use https instead of http (CVE-2024-45321)
+- Resolves: RHEL-56520
+
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.7044-14
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688
+
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.7044-13
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Tue Mar 09 2021 Petr Pisar <ppisar@redhat.com> - 1.7044-12
+- Correct an SHA version in a message
+- Package tests
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.7044-11
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.7044-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Tue Jun 23 2020 Jitka Plesnikova <jplesnik@redhat.com> - 1.7044-9
+- Perl 5.32 rebuild
+
+* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.7044-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.7044-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Fri May 31 2019 Jitka Plesnikova <jplesnik@redhat.com> - 1.7044-6
+- Perl 5.30 rebuild
+
+* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.7044-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
 
 * Mon Jul 16 2018 Petr Pisar <ppisar@redhat.com> - 1.7044-4
 - Require full Perl for non-duallived sub-packaged core modules