import CS perl-HTTP-Tiny-0.074-3.el8
This commit is contained in:
parent
11d48ef7b4
commit
4243d9563f
|
|
@ -104,7 +104,7 @@ index 2ece5ca..58be640 100644
|
|||
+ my ($self) = @_;
|
||||
+ # Check if insecure default certificate verification behaviour has been
|
||||
+ # changed by the user by setting PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT=1
|
||||
+ return (($ENV{PERL_HTTP_TINY_INSECURE_BY_DEFAULT} || '') eq '1') ? 0 : 1;
|
||||
+ return (($ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT} || '') eq '1') ? 0 : 1;
|
||||
+}
|
||||
+
|
||||
sub _set_proxies {
|
||||
|
|
@ -248,7 +248,7 @@ index 0000000..d6bc412
|
|||
+
|
||||
+use HTTP::Tiny;
|
||||
+
|
||||
+delete $ENV{PERL_HTTP_TINY_INSECURE_BY_DEFAULT};
|
||||
+delete $ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT};
|
||||
+
|
||||
+{
|
||||
+ my $ht = HTTP::Tiny->new();
|
||||
|
|
@ -294,54 +294,54 @@ index 0000000..d6bc412
|
|||
+}
|
||||
+
|
||||
+{
|
||||
+ local $ENV{PERL_HTTP_TINY_INSECURE_BY_DEFAULT} = "1";
|
||||
+ local $ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT} = "1";
|
||||
+ my $ht = HTTP::Tiny->new();
|
||||
+ is($ht->verify_SSL, 0, "PERL_HTTP_TINY_INSECURE_BY_DEFAULT=1 changes verify_SSL default to 0");
|
||||
+ is($ht->verify_SSL, 0, "PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT=1 changes verify_SSL default to 0");
|
||||
+}
|
||||
+
|
||||
+{
|
||||
+ local $ENV{PERL_HTTP_TINY_INSECURE_BY_DEFAULT} = "0";
|
||||
+ local $ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT} = "0";
|
||||
+ my $ht = HTTP::Tiny->new();
|
||||
+ is($ht->verify_SSL, 1, "PERL_HTTP_TINY_INSECURE_BY_DEFAULT=0 keeps verify_SSL default at 1");
|
||||
+ is($ht->verify_SSL, 1, "PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT=0 keeps verify_SSL default at 1");
|
||||
+}
|
||||
+
|
||||
+{
|
||||
+ local $ENV{PERL_HTTP_TINY_INSECURE_BY_DEFAULT} = "False";
|
||||
+ local $ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT} = "False";
|
||||
+ my $ht = HTTP::Tiny->new();
|
||||
+ is($ht->verify_SSL, 1, "Unsupported PERL_HTTP_TINY_INSECURE_BY_DEFAULT=False keeps verify_SSL default at 1");
|
||||
+ is($ht->verify_SSL, 1, "Unsupported PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT=False keeps verify_SSL default at 1");
|
||||
+}
|
||||
+
|
||||
+{
|
||||
+ local $ENV{PERL_HTTP_TINY_INSECURE_BY_DEFAULT} = "1";
|
||||
+ local $ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT} = "1";
|
||||
+ my $ht = HTTP::Tiny->new(verify_SSL=>1);
|
||||
+ is($ht->verify_SSL, 1, "PERL_HTTP_TINY_INSECURE_BY_DEFAULT=1 does not override verify_SSL attribute set to 1");
|
||||
+ is($ht->verify_SSL, 1, "PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT=1 does not override verify_SSL attribute set to 1");
|
||||
+}
|
||||
+
|
||||
+{
|
||||
+ local $ENV{PERL_HTTP_TINY_INSECURE_BY_DEFAULT} = "1";
|
||||
+ local $ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT} = "1";
|
||||
+ my $ht = HTTP::Tiny->new(
|
||||
+ verify_SSL => 1,
|
||||
+ verify_ssl => 1
|
||||
+ );
|
||||
+ is($ht->verify_SSL, 1, "PERL_HTTP_TINY_INSECURE_BY_DEFAULT=1, verify_SSL=>1 and verify_ssl=>1 sets 1");
|
||||
+ is($ht->verify_SSL, 1, "PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT=1, verify_SSL=>1 and verify_ssl=>1 sets 1");
|
||||
+}
|
||||
+
|
||||
+{
|
||||
+ local $ENV{PERL_HTTP_TINY_INSECURE_BY_DEFAULT} = "1";
|
||||
+ local $ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT} = "1";
|
||||
+ my $ht = HTTP::Tiny->new(
|
||||
+ verify_SSL => 1,
|
||||
+ verify_ssl => 0
|
||||
+ );
|
||||
+ is($ht->verify_SSL, 1, "PERL_HTTP_TINY_INSECURE_BY_DEFAULT=1, verify_SSL=>1 and verify_ssl=>0 sets 1");
|
||||
+ is($ht->verify_SSL, 1, "PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT=1, verify_SSL=>1 and verify_ssl=>0 sets 1");
|
||||
+}
|
||||
+
|
||||
+{
|
||||
+ local $ENV{PERL_HTTP_TINY_INSECURE_BY_DEFAULT} = "1";
|
||||
+ local $ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT} = "1";
|
||||
+ my $ht = HTTP::Tiny->new(
|
||||
+ verify_SSL => 0,
|
||||
+ verify_ssl => 0
|
||||
+ );
|
||||
+ is($ht->verify_SSL, 0, "PERL_HTTP_TINY_INSECURE_BY_DEFAULT=1, verify_SSL=>0 and verify_ssl=>0 sets 0");
|
||||
+ is($ht->verify_SSL, 0, "PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT=1, verify_SSL=>0 and verify_ssl=>0 sets 0");
|
||||
+}
|
||||
+
|
||||
+
|
||||
|
|
@ -356,7 +356,7 @@ index 6f80e51..7b84f93 100644
|
|||
}
|
||||
use HTTP::Tiny;
|
||||
|
||||
+delete $ENV{PERL_HTTP_TINY_INSECURE_BY_DEFAULT};
|
||||
+delete $ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT};
|
||||
+
|
||||
plan skip_all => 'Only run for $ENV{AUTOMATED_TESTING}'
|
||||
unless $ENV{AUTOMATED_TESTING};
|
||||
|
|
@ -428,7 +428,7 @@ index 6f80e51..7b84f93 100644
|
|||
+});
|
||||
+
|
||||
+{
|
||||
+ local $ENV{PERL_HTTP_TINY_INSECURE_BY_DEFAULT} = 1;
|
||||
+ local $ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT} = 1;
|
||||
+ test_ssl('https://wrong.host.badssl.com/' => {
|
||||
+ host => 'wrong.host.badssl.com',
|
||||
+ pass => { verify_SSL => 0 },
|
||||
|
|
|
|||
|
|
@ -0,0 +1,21 @@
|
|||
diff -up HTTP-Tiny-0.074/lib/HTTP/Tiny.pm.orig HTTP-Tiny-0.074/lib/HTTP/Tiny.pm
|
||||
--- HTTP-Tiny-0.074/lib/HTTP/Tiny.pm.orig 2024-01-16 12:26:34.204388229 +0100
|
||||
+++ HTTP-Tiny-0.074/lib/HTTP/Tiny.pm 2024-01-16 12:29:19.282808545 +0100
|
||||
@@ -1778,12 +1778,16 @@ C<timeout> — Request timeout in second
|
||||
|
||||
=item *
|
||||
|
||||
-C<verify_SSL> — A boolean that indicates whether to validate the SSL certificate of an C<https> — connection (default is false)
|
||||
+C<verify_SSL> — A boolean that indicates whether to validate the SSL certificate of an C<https> — connection (default is true). Changed from false to true for CVE-2023-31486.
|
||||
|
||||
=item *
|
||||
|
||||
C<SSL_options> — A hashref of C<SSL_*> — options to pass through to L<IO::Socket::SSL>
|
||||
|
||||
+=item *
|
||||
+
|
||||
+C<$ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT}> — Changes the default certificate verification behavior to not check server identity if set to 1. Only effective if C<verify_SSL> is not set. Added for CVE-2023-31486.
|
||||
+
|
||||
=back
|
||||
|
||||
Passing an explicit C<undef> for C<proxy>, C<http_proxy> or C<https_proxy> will
|
||||
|
|
@ -3,7 +3,7 @@
|
|||
|
||||
Name: perl-HTTP-Tiny
|
||||
Version: 0.074
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
Summary: Small, simple, correct HTTP/1.1 client
|
||||
License: GPL+ or Artistic
|
||||
URL: https://metacpan.org/release/HTTP-Tiny
|
||||
|
|
@ -14,6 +14,8 @@ Patch0: HTTP-Tiny-0.070-Croak-on-failed-write-into-a-file.patch
|
|||
# Change verify_SSL default to 1, add ENV var to enable insecure default
|
||||
# Fix rhbz#2228409 - CVE-2023-31486
|
||||
Patch1: HTTP-Tiny-0.074-Change-verify_SSL-default-to-1-add-ENV-var-to-enable.patch
|
||||
# Fix man page for CVE-2023-31486
|
||||
Patch2: HTTP-Tiny-0.074-Fix-man-page-for-CVE-2023-31486.patch
|
||||
BuildArch: noarch
|
||||
BuildRequires: coreutils
|
||||
BuildRequires: make
|
||||
|
|
@ -103,6 +105,7 @@ with "%{_libexecdir}/%{name}/test".
|
|||
%setup -q -n HTTP-Tiny-%{version}
|
||||
%patch -P0 -p1
|
||||
%patch -P1 -p1
|
||||
%patch -P2 -p1
|
||||
|
||||
# Help generators to recognize Perl scripts
|
||||
for F in t/*.t; do
|
||||
|
|
@ -141,6 +144,9 @@ make test
|
|||
%{_libexecdir}/%{name}
|
||||
|
||||
%changelog
|
||||
* Tue Jan 16 2024 Jitka Plesnikova <jplesnik@redhat.com> - 0.074-3
|
||||
- Update man page for CVE-2023-31486
|
||||
|
||||
* Mon Aug 07 2023 Jitka Plesnikova <jplesnik@redhat.com> - 0.074-2
|
||||
- Changes the verify_SSL default parameter from 0 to 1 - CVE-2023-31486
|
||||
- Resolves: rhbz#2228409
|
||||
|
|
|
|||
Loading…
Reference in New Issue