From dcf6cd34a4a69e13b2f75baa086a5fa270087e7b Mon Sep 17 00:00:00 2001 From: eabdullin Date: Tue, 30 Apr 2024 15:23:31 +0000 Subject: [PATCH] import UBI perl-HTTP-Tiny-0.076-462.el9 --- ...L-default-to-1-add-ENV-var-to-enable.patch | 36 +++++++++---------- ....076-Fix-man-page-for-CVE-2023-31486.patch | 21 +++++++++++ SPECS/perl-HTTP-Tiny.spec | 8 ++++- 3 files changed, 46 insertions(+), 19 deletions(-) create mode 100644 SOURCES/HTTP-Tiny-0.076-Fix-man-page-for-CVE-2023-31486.patch diff --git a/SOURCES/HTTP-Tiny-0.076-Change-verify_SSL-default-to-1-add-ENV-var-to-enable.patch b/SOURCES/HTTP-Tiny-0.076-Change-verify_SSL-default-to-1-add-ENV-var-to-enable.patch index ea2316a..fd81cc5 100644 --- a/SOURCES/HTTP-Tiny-0.076-Change-verify_SSL-default-to-1-add-ENV-var-to-enable.patch +++ b/SOURCES/HTTP-Tiny-0.076-Change-verify_SSL-default-to-1-add-ENV-var-to-enable.patch @@ -104,7 +104,7 @@ index 2ece5ca..58be640 100644 + my ($self) = @_; + # Check if insecure default certificate verification behaviour has been + # changed by the user by setting PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT=1 -+ return (($ENV{PERL_HTTP_TINY_INSECURE_BY_DEFAULT} || '') eq '1') ? 0 : 1; ++ return (($ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT} || '') eq '1') ? 0 : 1; +} + sub _set_proxies { @@ -248,7 +248,7 @@ index 0000000..d6bc412 + +use HTTP::Tiny; + -+delete $ENV{PERL_HTTP_TINY_INSECURE_BY_DEFAULT}; ++delete $ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT}; + +{ + my $ht = HTTP::Tiny->new(); 
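Review bot: The variable read in `_verify_SSL_default` changes from `PERL_HTTP_TINY_INSECURE_BY_DEFAULT` to `PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT`, which is a behaviour change and not only a typo fix, yet the 0.076-462 changelog entry on this page says only "Update man page". A host that set the old name will presumably have certificate verification switched back on after the update, which is the safe direction, but the operator gets no hint why, so the changelog should record the rename. I would also extend the comment above the `return` with `# Only the exact value '1' opts out; any other value or variable name keeps verification on.` The sub's opening line is outside the hunk.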
@@ -294,54 +294,54 @@ index 0000000..d6bc412 +} + +{ -+ local $ENV{PERL_HTTP_TINY_INSECURE_BY_DEFAULT} = "1"; ++ local $ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT} = "1"; + my $ht = HTTP::Tiny->new(); -+ is($ht->verify_SSL, 0, "PERL_HTTP_TINY_INSECURE_BY_DEFAULT=1 changes verify_SSL default to 0"); ++ is($ht->verify_SSL, 0, "PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT=1 changes verify_SSL default to 0"); +} + +{ -+ local $ENV{PERL_HTTP_TINY_INSECURE_BY_DEFAULT} = "0"; ++ local $ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT} = "0"; + my $ht = HTTP::Tiny->new(); -+ is($ht->verify_SSL, 1, "PERL_HTTP_TINY_INSECURE_BY_DEFAULT=0 keeps verify_SSL default at 1"); ++ is($ht->verify_SSL, 1, "PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT=0 keeps verify_SSL default at 1"); +} + +{ -+ local $ENV{PERL_HTTP_TINY_INSECURE_BY_DEFAULT} = "False"; ++ local $ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT} = "False"; + my $ht = HTTP::Tiny->new(); -+ is($ht->verify_SSL, 1, "Unsupported PERL_HTTP_TINY_INSECURE_BY_DEFAULT=False keeps verify_SSL default at 1"); ++ is($ht->verify_SSL, 1, "Unsupported PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT=False keeps verify_SSL default at 1"); +} + +{ -+ local $ENV{PERL_HTTP_TINY_INSECURE_BY_DEFAULT} = "1"; ++ local $ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT} = "1"; + my $ht = HTTP::Tiny->new(verify_SSL=>1); -+ is($ht->verify_SSL, 1, "PERL_HTTP_TINY_INSECURE_BY_DEFAULT=1 does not override verify_SSL attribute set to 1"); ++ is($ht->verify_SSL, 1, "PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT=1 does not override verify_SSL attribute set to 1"); +} + +{ -+ local $ENV{PERL_HTTP_TINY_INSECURE_BY_DEFAULT} = "1"; ++ local $ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT} = "1"; + my $ht = HTTP::Tiny->new( + verify_SSL => 1, + verify_ssl => 1 + ); -+ is($ht->verify_SSL, 1, "PERL_HTTP_TINY_INSECURE_BY_DEFAULT=1, verify_SSL=>1 and verify_ssl=>1 sets 1"); ++ is($ht->verify_SSL, 1, "PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT=1, verify_SSL=>1 and verify_ssl=>1 sets 1"); +} + +{ -+ local 
$ENV{PERL_HTTP_TINY_INSECURE_BY_DEFAULT} = "1"; ++ local $ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT} = "1"; + my $ht = HTTP::Tiny->new( + verify_SSL => 1, + verify_ssl => 0 + ); -+ is($ht->verify_SSL, 1, "PERL_HTTP_TINY_INSECURE_BY_DEFAULT=1, verify_SSL=>1 and verify_ssl=>0 sets 1"); ++ is($ht->verify_SSL, 1, "PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT=1, verify_SSL=>1 and verify_ssl=>0 sets 1"); +} + +{ -+ local $ENV{PERL_HTTP_TINY_INSECURE_BY_DEFAULT} = "1"; ++ local $ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT} = "1"; + my $ht = HTTP::Tiny->new( + verify_SSL => 0, + verify_ssl => 0 + ); -+ is($ht->verify_SSL, 0, "PERL_HTTP_TINY_INSECURE_BY_DEFAULT=1, verify_SSL=>0 and verify_ssl=>0 sets 0"); ++ is($ht->verify_SSL, 0, "PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT=1, verify_SSL=>0 and verify_ssl=>0 sets 0"); +} + + @@ -356,7 +356,7 @@ index 6f80e51..7b84f93 100644 } use HTTP::Tiny; -+delete $ENV{PERL_HTTP_TINY_INSECURE_BY_DEFAULT}; ++delete $ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT}; + plan skip_all => 'Only run for $ENV{AUTOMATED_TESTING}' unless $ENV{AUTOMATED_TESTING}; @@ -428,7 +428,7 @@ index 6f80e51..7b84f93 100644 +}); + +{ -+ local $ENV{PERL_HTTP_TINY_INSECURE_BY_DEFAULT} = 1; ++ local $ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT} = 1; + test_ssl('https://wrong.host.badssl.com/' => { + host => 'wrong.host.badssl.com', + pass => { verify_SSL => 0 }, diff --git a/SOURCES/HTTP-Tiny-0.076-Fix-man-page-for-CVE-2023-31486.patch b/SOURCES/HTTP-Tiny-0.076-Fix-man-page-for-CVE-2023-31486.patch new file mode 100644 index 0000000..4c37d70 --- /dev/null +++ b/SOURCES/HTTP-Tiny-0.076-Fix-man-page-for-CVE-2023-31486.patch 
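Review bot: No case in this test block pins the rename, because every block sets only the new variable name, so a later change that honours a second, differently spelled variable would pass unnoticed. Add a case next to the existing `"False"` one that sets the old `PERL_HTTP_TINY_INSECURE_BY_DEFAULT` to "1" and expects `verify_SSL` to stay at 1. The start of the test file is outside this hunk.

```perl
{
    local $ENV{PERL_HTTP_TINY_INSECURE_BY_DEFAULT} = "1";
    my $ht = HTTP::Tiny->new();
    is($ht->verify_SSL, 1, "Old name PERL_HTTP_TINY_INSECURE_BY_DEFAULT=1 keeps verify_SSL default at 1");
}
```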
@@ -0,0 +1,21 @@ +diff -up HTTP-Tiny-0.074/lib/HTTP/Tiny.pm.orig HTTP-Tiny-0.074/lib/HTTP/Tiny.pm +--- HTTP-Tiny-0.074/lib/HTTP/Tiny.pm.orig 2024-01-16 12:26:34.204388229 +0100 ++++ HTTP-Tiny-0.074/lib/HTTP/Tiny.pm 2024-01-16 12:29:19.282808545 +0100 +@@ -1778,12 +1778,16 @@ C — Request timeout in second + + =item * + +-C — A boolean that indicates whether to validate the SSL certificate of an C — connection (default is false) ++C — A boolean that indicates whether to validate the SSL certificate of an C — connection (default is true). Changed from false to true for CVE-2023-31486. + + =item * + + C — A hashref of C — options to pass through to L + ++=item * ++ ++C<$ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT}> — Changes the default certificate verification behavior to not check server identity if set to 1. Only effective if C is not set. Added for CVE-2023-31486. ++ + =back + + Passing an explicit C for C, C or C will diff --git a/SPECS/perl-HTTP-Tiny.spec b/SPECS/perl-HTTP-Tiny.spec index 02546e8..432789e 100644 --- a/SPECS/perl-HTTP-Tiny.spec +++ b/SPECS/perl-HTTP-Tiny.spec @@ -3,7 +3,7 @@ Name: perl-HTTP-Tiny Version: 0.076 -Release: 461%{?dist} +Release: 462%{?dist} Summary: Small, simple, correct HTTP/1.1 client License: GPL+ or Artistic URL: https://metacpan.org/release/HTTP-Tiny @@ -14,6 +14,8 @@ Patch0: HTTP-Tiny-0.070-Croak-on-failed-write-into-a-file.patch # Change verify_SSL default to 1, add ENV var to enable insecure default # Fix rhbz#2228412 - CVE-2023-31486 Patch1: HTTP-Tiny-0.076-Change-verify_SSL-default-to-1-add-ENV-var-to-enable.patch +# Fix man page for CVE-2023-31486 +Patch2: HTTP-Tiny-0.076-Fix-man-page-for-CVE-2023-31486.patch BuildArch: noarch BuildRequires: coreutils BuildRequires: make @@ -103,6 +105,7 @@ with "%{_libexecdir}/%{name}/test". %setup -q -n HTTP-Tiny-%{version} %patch -P0 -p1 %patch -P1 -p1 +%patch -P2 -p1 # Help generators to recognize Perl scripts for F in t/*.t; do 
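Review bot: The new `=item` for `$ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT}` sits in the list of constructor attributes although it is not an attribute, and it does not say how wide its effect is. The variable comes from the process environment, so it changes the default for every `HTTP::Tiny` object that does not pass `verify_SSL`, and child processes inherit it. A sentence such as `Affects every HTTP::Tiny object in the process that relies on the default; prefer passing verify_SSL => 0 to the one object that needs it.` would make that explicit. The header of this new patch also names `HTTP-Tiny-0.074` while the spec builds 0.076; it should still apply with `-p1`, but the label is misleading.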
@@ -141,6 +144,9 @@ make test %{_libexecdir}/%{name} %changelog +* Tue Jan 16 2024 Jitka Plesnikova - 0.076-462 +- Update man page for CVE-2023-31486 + * Fri Aug 04 2023 Jitka Plesnikova - 0.076-461 - Changes the verify_SSL default parameter from 0 to 1 - CVE-2023-31486 - Resolves: rhbz#2228412