Compare commits
No commits in common. "c9-beta" and "c8-stream-5.3" have entirely different histories.
c9-beta
...
c8-stream-
@ -1,569 +0,0 @@
|
|||||||
From 77f557ef84698efeb6eed04e4a9704eaf85b741d Mon Sep 17 00:00:00 2001
|
|
||||||
From: Stig Palmquist <git@stig.io>
|
|
||||||
Date: Mon, 5 Jun 2023 16:46:22 +0200
|
|
||||||
Subject: [PATCH] Change verify_SSL default to 1, add ENV var to enable
|
|
||||||
insecure default
|
|
||||||
|
|
||||||
- Changes the `verify_SSL` default parameter from `0` to `1`
|
|
||||||
|
|
||||||
Based on patch by Dominic Hargreaves:
|
|
||||||
https://salsa.debian.org/perl-team/interpreter/perl/-/commit/1490431e40e22052f75a0b3449f1f53cbd27ba92
|
|
||||||
|
|
||||||
Fixes CVE-2023-31486
|
|
||||||
|
|
||||||
- Add check for `$ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT}` that
|
|
||||||
enables the previous insecure default behaviour if set to `1`.
|
|
||||||
|
|
||||||
This provides a workaround for users who encounter problems with the
|
|
||||||
new `verify_SSL` default.
|
|
||||||
|
|
||||||
Example to disable certificate checks:
|
|
||||||
```
|
|
||||||
$ PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT=1 ./script.pl
|
|
||||||
```
|
|
||||||
|
|
||||||
- Updates to documentation:
|
|
||||||
- Describe changing the verify_SSL value
|
|
||||||
- Describe the escape-hatch environment variable
|
|
||||||
- Remove rationale for not enabling verify_SSL
|
|
||||||
- Add missing certificate search paths
|
|
||||||
- Replace "SSL" with "TLS/SSL" where appropriate
|
|
||||||
- Use "machine-in-the-middle" instead of "man-in-the-middle"
|
|
||||||
|
|
||||||
- Update `210_live_ssl.t`
|
|
||||||
- Use github.com, cpan.org and badssl.com hosts for checking
|
|
||||||
certificates.
|
|
||||||
- Add self signed snake-oil certificate for checking failures rather
|
|
||||||
than bypassing the `SSL_verify_callback`
|
|
||||||
- Test `verify_SSL` parameter in addition to low level SSL_options
|
|
||||||
- Test that `PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT=1` behaves as
|
|
||||||
expected against badssl.com
|
|
||||||
|
|
||||||
- Added `180_verify_SSL.t`
|
|
||||||
- Test that `verify_SSL` default is `1`
|
|
||||||
- Test that `PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT` behaves as expected
|
|
||||||
- Test that using different values for `verify_SSL` and legacy `verify_ssl`
|
|
||||||
doesn't disable cert checks
|
|
||||||
|
|
||||||
Backported from HTTP::Tiny 0.083
|
|
||||||
|
|
||||||
---
|
|
||||||
lib/HTTP/Tiny.pm | 72 ++++++++++++++----------
|
|
||||||
t/180_verify_SSL.t | 109 ++++++++++++++++++++++++++++++++++++
|
|
||||||
t/210_live_ssl.t | 136 ++++++++++++++++++++++++++++++---------------
|
|
||||||
t/snake-oil.crt | 33 +++++++++++
|
|
||||||
4 files changed, 277 insertions(+), 73 deletions(-)
|
|
||||||
create mode 100644 t/180_verify_SSL.t
|
|
||||||
create mode 100644 t/snake-oil.crt
|
|
||||||
|
|
||||||
diff --git a/lib/HTTP/Tiny.pm b/lib/HTTP/Tiny.pm
|
|
||||||
index 2ece5ca..58be640 100644
|
|
||||||
--- a/lib/HTTP/Tiny.pm
|
|
||||||
+++ b/lib/HTTP/Tiny.pm
|
|
||||||
@@ -39,10 +39,14 @@ sub _croak { require Carp; Carp::croak(@
|
|
||||||
#pod C<$ENV{no_proxy}> —)
|
|
||||||
#pod * C<timeout> — Request timeout in seconds (default is 60) If a socket open,
|
|
||||||
#pod read or write takes longer than the timeout, an exception is thrown.
|
|
||||||
-#pod * C<verify_SSL> — A boolean that indicates whether to validate the SSL
|
|
||||||
-#pod certificate of an C<https> — connection (default is false)
|
|
||||||
+#pod * C<verify_SSL> — A boolean that indicates whether to validate the TLS/SSL
|
|
||||||
+#pod certificate of an C<https> ? connection (default is true). Changed from false
|
|
||||||
+#pod to true for RHBZ#2228412.
|
|
||||||
#pod * C<SSL_options> — A hashref of C<SSL_*> — options to pass through to
|
|
||||||
#pod L<IO::Socket::SSL>
|
|
||||||
+#pod * C<$ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT}> - Changes the default
|
|
||||||
+#pod certificate verification behavior to not check server identity if set to 1.
|
|
||||||
+#pod Only effective if C<verify_SSL> is not set. Added for RHBZ#2228412.
|
|
||||||
#pod
|
|
||||||
#pod Passing an explicit C<undef> for C<proxy>, C<http_proxy> or C<https_proxy> will
|
|
||||||
#pod prevent getting the corresponding proxies from the environment.
|
|
||||||
@@ -108,11 +112,17 @@ sub timeout {
|
|
||||||
sub new {
|
|
||||||
my($class, %args) = @_;
|
|
||||||
|
|
||||||
+ # Support lower case verify_ssl argument, but only if verify_SSL is not
|
|
||||||
+ # true.
|
|
||||||
+ if ( exists $args{verify_ssl} ) {
|
|
||||||
+ $args{verify_SSL} ||= $args{verify_ssl};
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
my $self = {
|
|
||||||
max_redirect => 5,
|
|
||||||
timeout => defined $args{timeout} ? $args{timeout} : 60,
|
|
||||||
keep_alive => 1,
|
|
||||||
- verify_SSL => $args{verify_SSL} || $args{verify_ssl} || 0, # no verification by default
|
|
||||||
+ verify_SSL => defined $args{verify_SSL} ? $args{verify_SSL} : _verify_SSL_default(),
|
|
||||||
no_proxy => $ENV{no_proxy},
|
|
||||||
};
|
|
||||||
|
|
||||||
@@ -131,6 +141,13 @@ sub new {
|
|
||||||
return $self;
|
|
||||||
}
|
|
||||||
|
|
||||||
+sub _verify_SSL_default {
|
|
||||||
+ my ($self) = @_;
|
|
||||||
+ # Check if insecure default certificate verification behaviour has been
|
|
||||||
+ # changed by the user by setting PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT=1
|
|
||||||
+ return (($ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT} || '') eq '1') ? 0 : 1;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
sub _set_proxies {
|
|
||||||
my ($self) = @_;
|
|
||||||
|
|
||||||
@@ -1041,7 +1058,7 @@ sub new {
|
|
||||||
timeout => 60,
|
|
||||||
max_line_size => 16384,
|
|
||||||
max_header_lines => 64,
|
|
||||||
- verify_SSL => 0,
|
|
||||||
+ verify_SSL => HTTP::Tiny::_verify_SSL_default(),
|
|
||||||
SSL_options => {},
|
|
||||||
%args
|
|
||||||
}, $class;
|
|
||||||
@@ -2012,11 +2029,11 @@ proxy
|
|
||||||
timeout
|
|
||||||
verify_SSL
|
|
||||||
|
|
||||||
-=head1 SSL SUPPORT
|
|
||||||
+=head1 TLS/SSL SUPPORT
|
|
||||||
|
|
||||||
Direct C<https> connections are supported only if L<IO::Socket::SSL> 1.56 or
|
|
||||||
greater and L<Net::SSLeay> 1.49 or greater are installed. An exception will be
|
|
||||||
-thrown if new enough versions of these modules are not installed or if the SSL
|
|
||||||
+thrown if new enough versions of these modules are not installed or if the TLS
|
|
||||||
encryption fails. You can also use C<HTTP::Tiny::can_ssl()> utility function
|
|
||||||
that returns boolean to see if the required modules are installed.
|
|
||||||
|
|
||||||
@@ -2024,7 +2041,7 @@ An C<https> connection may be made via a
|
|
||||||
command (i.e. RFC 2817). You may not proxy C<https> via a proxy that itself
|
|
||||||
requires C<https> to communicate.
|
|
||||||
|
|
||||||
-SSL provides two distinct capabilities:
|
|
||||||
+TLS/SSL provides two distinct capabilities:
|
|
||||||
|
|
||||||
=over 4
|
|
||||||
|
|
||||||
@@ -2038,24 +2055,17 @@ Verification of server identity
|
|
||||||
|
|
||||||
=back
|
|
||||||
|
|
||||||
-B<By default, HTTP::Tiny does not verify server identity>.
|
|
||||||
+B<By default, HTTP::Tiny verifies server identity>.
|
|
||||||
|
|
||||||
-Server identity verification is controversial and potentially tricky because it
|
|
||||||
-depends on a (usually paid) third-party Certificate Authority (CA) trust model
|
|
||||||
-to validate a certificate as legitimate. This discriminates against servers
|
|
||||||
-with self-signed certificates or certificates signed by free, community-driven
|
|
||||||
-CA's such as L<CAcert.org|http://cacert.org>.
|
|
||||||
-
|
|
||||||
-By default, HTTP::Tiny does not make any assumptions about your trust model,
|
|
||||||
-threat level or risk tolerance. It just aims to give you an encrypted channel
|
|
||||||
-when you need one.
|
|
||||||
-
|
|
||||||
-Setting the C<verify_SSL> attribute to a true value will make HTTP::Tiny verify
|
|
||||||
-that an SSL connection has a valid SSL certificate corresponding to the host
|
|
||||||
-name of the connection and that the SSL certificate has been verified by a CA.
|
|
||||||
-Assuming you trust the CA, this will protect against a L<man-in-the-middle
|
|
||||||
-attack|http://en.wikipedia.org/wiki/Man-in-the-middle_attack>. If you are
|
|
||||||
-concerned about security, you should enable this option.
|
|
||||||
+This was changed for RHBZ#2228412 due to security concerns. The previous default
|
|
||||||
+behavior can be enabled by setting C<$ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT}>
|
|
||||||
+to 1.
|
|
||||||
+
|
|
||||||
+Verification is done by checking that that the TLS/SSL connection has a valid
|
|
||||||
+certificate corresponding to the host name of the connection and that the
|
|
||||||
+certificate has been verified by a CA. Assuming you trust the CA, this will
|
|
||||||
+protect against L<machine-in-the-middle
|
|
||||||
+attacks|http://en.wikipedia.org/wiki/Machine-in-the-middle_attack>.
|
|
||||||
|
|
||||||
Certificate verification requires a file containing trusted CA certificates.
|
|
||||||
|
|
||||||
@@ -2063,9 +2073,7 @@ If the environment variable C<SSL_CERT_F
|
|
||||||
will try to find a CA certificate file in that location.
|
|
||||||
|
|
||||||
If the L<Mozilla::CA> module is installed, HTTP::Tiny will use the CA file
|
|
||||||
-included with it as a source of trusted CA's. (This means you trust Mozilla,
|
|
||||||
-the author of Mozilla::CA, the CPAN mirror where you got Mozilla::CA, the
|
|
||||||
-toolchain used to install it, and your operating system security, right?)
|
|
||||||
+included with it as a source of trusted CA's.
|
|
||||||
|
|
||||||
If that module is not available, then HTTP::Tiny will search several
|
|
||||||
system-specific default locations for a CA certificate file:
|
|
||||||
@@ -2084,13 +2092,33 @@ system-specific default locations for a
|
|
||||||
|
|
||||||
/etc/ssl/ca-bundle.pem
|
|
||||||
|
|
||||||
+=item *
|
|
||||||
+
|
|
||||||
+/etc/openssl/certs/ca-certificates.crt
|
|
||||||
+
|
|
||||||
+=item *
|
|
||||||
+
|
|
||||||
+/etc/ssl/cert.pem
|
|
||||||
+
|
|
||||||
+=item *
|
|
||||||
+
|
|
||||||
+/usr/local/share/certs/ca-root-nss.crt
|
|
||||||
+
|
|
||||||
+=item *
|
|
||||||
+
|
|
||||||
+/etc/pki/tls/cacert.pem
|
|
||||||
+
|
|
||||||
+=item *
|
|
||||||
+
|
|
||||||
+/etc/certs/ca-certificates.crt
|
|
||||||
+
|
|
||||||
=back
|
|
||||||
|
|
||||||
An exception will be raised if C<verify_SSL> is true and no CA certificate file
|
|
||||||
is available.
|
|
||||||
|
|
||||||
-If you desire complete control over SSL connections, the C<SSL_options> attribute
|
|
||||||
-lets you provide a hash reference that will be passed through to
|
|
||||||
+If you desire complete control over TLS/SSL connections, the C<SSL_options>
|
|
||||||
+attribute lets you provide a hash reference that will be passed through to
|
|
||||||
C<IO::Socket::SSL::start_SSL()>, overriding any options set by HTTP::Tiny. For
|
|
||||||
example, to provide your own trusted CA file:
|
|
||||||
|
|
||||||
@@ -2100,7 +2128,7 @@ example, to provide your own trusted CA
|
|
||||||
|
|
||||||
The C<SSL_options> attribute could also be used for such things as providing a
|
|
||||||
client certificate for authentication to a server or controlling the choice of
|
|
||||||
-cipher used for the SSL connection. See L<IO::Socket::SSL> documentation for
|
|
||||||
+cipher used for the TLS/SSL connection. See L<IO::Socket::SSL> documentation for
|
|
||||||
details.
|
|
||||||
|
|
||||||
=head1 PROXY SUPPORT
|
|
||||||
diff --git a/t/180_verify_SSL.t b/t/180_verify_SSL.t
|
|
||||||
new file mode 100644
|
|
||||||
index 0000000..d6bc412
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/t/180_verify_SSL.t
|
|
||||||
@@ -0,0 +1,109 @@
|
|
||||||
+#!perl
|
|
||||||
+
|
|
||||||
+use strict;
|
|
||||||
+use warnings;
|
|
||||||
+use Test::More 0.88;
|
|
||||||
+use lib 't';
|
|
||||||
+
|
|
||||||
+use HTTP::Tiny;
|
|
||||||
+
|
|
||||||
+delete $ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT};
|
|
||||||
+
|
|
||||||
+{
|
|
||||||
+ my $ht = HTTP::Tiny->new();
|
|
||||||
+ is($ht->verify_SSL, 1, "verify_SSL is 1 by default");
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+{
|
|
||||||
+ my $ht = HTTP::Tiny->new(
|
|
||||||
+ verify_SSL => 0
|
|
||||||
+ );
|
|
||||||
+ is($ht->verify_SSL, 0, "verify_SSL=>0 sets 0");
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+{
|
|
||||||
+ my $ht = HTTP::Tiny->new(
|
|
||||||
+ verify_ssl => 0
|
|
||||||
+ );
|
|
||||||
+ is($ht->verify_SSL, 0, "verify_ssl=>0 sets 0");
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+{
|
|
||||||
+ my $ht = HTTP::Tiny->new(
|
|
||||||
+ verify_SSL => 1,
|
|
||||||
+ verify_ssl => 0
|
|
||||||
+ );
|
|
||||||
+ is($ht->verify_SSL, 1, "verify_SSL=>1 and verify_ssl=>0 sets 1");
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+{
|
|
||||||
+ my $ht = HTTP::Tiny->new(
|
|
||||||
+ verify_SSL => 0,
|
|
||||||
+ verify_ssl => 1
|
|
||||||
+ );
|
|
||||||
+ is($ht->verify_SSL, 1, "verify_SSL=>0 and verify_ssl=>1 sets 1");
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+{
|
|
||||||
+ my $ht = HTTP::Tiny->new(
|
|
||||||
+ verify_SSL => 0,
|
|
||||||
+ verify_ssl => 0
|
|
||||||
+ );
|
|
||||||
+ is($ht->verify_SSL, 0, "verify_SSL=>0 and verify_ssl=>0 sets 0");
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+{
|
|
||||||
+ local $ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT} = "1";
|
|
||||||
+ my $ht = HTTP::Tiny->new();
|
|
||||||
+ is($ht->verify_SSL, 0, "PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT=1 changes verify_SSL default to 0");
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+{
|
|
||||||
+ local $ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT} = "0";
|
|
||||||
+ my $ht = HTTP::Tiny->new();
|
|
||||||
+ is($ht->verify_SSL, 1, "PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT=0 keeps verify_SSL default at 1");
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+{
|
|
||||||
+ local $ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT} = "False";
|
|
||||||
+ my $ht = HTTP::Tiny->new();
|
|
||||||
+ is($ht->verify_SSL, 1, "Unsupported PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT=False keeps verify_SSL default at 1");
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+{
|
|
||||||
+ local $ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT} = "1";
|
|
||||||
+ my $ht = HTTP::Tiny->new(verify_SSL=>1);
|
|
||||||
+ is($ht->verify_SSL, 1, "PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT=1 does not override verify_SSL attribute set to 1");
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+{
|
|
||||||
+ local $ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT} = "1";
|
|
||||||
+ my $ht = HTTP::Tiny->new(
|
|
||||||
+ verify_SSL => 1,
|
|
||||||
+ verify_ssl => 1
|
|
||||||
+ );
|
|
||||||
+ is($ht->verify_SSL, 1, "PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT=1, verify_SSL=>1 and verify_ssl=>1 sets 1");
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+{
|
|
||||||
+ local $ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT} = "1";
|
|
||||||
+ my $ht = HTTP::Tiny->new(
|
|
||||||
+ verify_SSL => 1,
|
|
||||||
+ verify_ssl => 0
|
|
||||||
+ );
|
|
||||||
+ is($ht->verify_SSL, 1, "PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT=1, verify_SSL=>1 and verify_ssl=>0 sets 1");
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+{
|
|
||||||
+ local $ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT} = "1";
|
|
||||||
+ my $ht = HTTP::Tiny->new(
|
|
||||||
+ verify_SSL => 0,
|
|
||||||
+ verify_ssl => 0
|
|
||||||
+ );
|
|
||||||
+ is($ht->verify_SSL, 0, "PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT=1, verify_SSL=>0 and verify_ssl=>0 sets 0");
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+done_testing;
|
|
||||||
+
|
|
||||||
diff --git a/t/210_live_ssl.t b/t/210_live_ssl.t
|
|
||||||
index 6f80e51..7b84f93 100644
|
|
||||||
--- a/t/210_live_ssl.t
|
|
||||||
+++ b/t/210_live_ssl.t
|
|
||||||
@@ -18,6 +18,8 @@ BEGIN {
|
|
||||||
}
|
|
||||||
use HTTP::Tiny;
|
|
||||||
|
|
||||||
+delete $ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT};
|
|
||||||
+
|
|
||||||
plan skip_all => 'Only run for $ENV{AUTOMATED_TESTING}'
|
|
||||||
unless $ENV{AUTOMATED_TESTING};
|
|
||||||
|
|
||||||
@@ -27,33 +29,73 @@ if ( can_run('openssl') ) {
|
|
||||||
diag "\nNote: running test with ", qx/openssl version/;
|
|
||||||
}
|
|
||||||
|
|
||||||
-my $data = {
|
|
||||||
- 'https://www.google.ca/' => {
|
|
||||||
- host => 'www.google.ca',
|
|
||||||
- pass => { SSL_verifycn_scheme => 'http', SSL_verifycn_name => 'www.google.ca', SSL_verify_mode => 0x01, SSL_ca_file => Mozilla::CA::SSL_ca_file() },
|
|
||||||
- fail => { SSL_verify_callback => sub { 0 }, SSL_verify_mode => 0x01 },
|
|
||||||
- default_should_yield => '1',
|
|
||||||
- },
|
|
||||||
- 'https://twitter.com/' => {
|
|
||||||
- host => 'twitter.com',
|
|
||||||
- pass => { SSL_verifycn_scheme => 'http', SSL_verifycn_name => 'twitter.com', SSL_verify_mode => 0x01, SSL_ca_file => Mozilla::CA::SSL_ca_file() },
|
|
||||||
- fail => { SSL_verify_callback => sub { 0 }, SSL_verify_mode => 0x01 },
|
|
||||||
- default_should_yield => '1',
|
|
||||||
- },
|
|
||||||
- 'https://github.com/' => {
|
|
||||||
- host => 'github.com',
|
|
||||||
- pass => { SSL_verifycn_scheme => 'http', SSL_verifycn_name => 'github.com', SSL_verify_mode => 0x01, SSL_ca_file => Mozilla::CA::SSL_ca_file() },
|
|
||||||
- fail => { SSL_verify_callback => sub { 0 }, SSL_verify_mode => 0x01 },
|
|
||||||
- default_should_yield => '1',
|
|
||||||
- },
|
|
||||||
- 'https://spinrite.com/' => {
|
|
||||||
- host => 'spinrite.com',
|
|
||||||
- pass => { SSL_verifycn_scheme => 'none', SSL_verifycn_name => 'spinrite.com', SSL_verify_mode => 0x00 },
|
|
||||||
- fail => { SSL_verifycn_scheme => 'http', SSL_verifycn_name => 'spinrite.com', SSL_verify_mode => 0x01, SSL_ca_file => Mozilla::CA::SSL_ca_file() },
|
|
||||||
- default_should_yield => '',
|
|
||||||
- }
|
|
||||||
-};
|
|
||||||
-plan tests => 1+ scalar keys %$data;
|
|
||||||
+test_ssl('https://cpan.org/' => {
|
|
||||||
+ host => 'cpan.org',
|
|
||||||
+ pass => { verify_SSL => 1 },
|
|
||||||
+ fail => { verify_SSL => 1, SSL_options => { SSL_ca_file => "t/snake-oil.crt" } },
|
|
||||||
+ default_verify_should_return => !!1,
|
|
||||||
+});
|
|
||||||
+
|
|
||||||
+test_ssl('https://github.com/' => {
|
|
||||||
+ host => 'github.com',
|
|
||||||
+ pass => { verify_SSL => 1 },
|
|
||||||
+ fail => { verify_SSL => 1, SSL_options => { SSL_ca_file => "t/snake-oil.crt" } },
|
|
||||||
+ default_verify_should_return => !!1,
|
|
||||||
+});
|
|
||||||
+
|
|
||||||
+test_ssl('https://wrong.host.badssl.com/' => {
|
|
||||||
+ host => 'wrong.host.badssl.com',
|
|
||||||
+ pass => { SSL_options => { SSL_verifycn_scheme => 'none', SSL_verifycn_name => 'wrong.host.badssl.com', SSL_verify_mode => 0x00 } },
|
|
||||||
+ fail => { SSL_options => { SSL_verifycn_scheme => 'http', SSL_verifycn_name => 'wrong.host.badssl.com', SSL_verify_mode => 0x01, SSL_ca_file => Mozilla::CA::SSL_ca_file() } },
|
|
||||||
+ default_verify_should_return => !!0,
|
|
||||||
+});
|
|
||||||
+
|
|
||||||
+test_ssl('https://untrusted-root.badssl.com/' => {
|
|
||||||
+ host => 'untrusted-root.badssl.com',
|
|
||||||
+ pass => { verify_SSL => 0 },
|
|
||||||
+ fail => { verify_SSL => 1 },
|
|
||||||
+ default_verify_should_return => !!0,
|
|
||||||
+});
|
|
||||||
+
|
|
||||||
+test_ssl('https://mozilla-modern.badssl.com/' => {
|
|
||||||
+ host => 'mozilla-modern.badssl.com',
|
|
||||||
+ pass => { verify_SSL => 1 },
|
|
||||||
+ fail => { verify_SSL => 1, SSL_options => { SSL_ca_file => "t/snake-oil.crt" } },
|
|
||||||
+ default_verify_should_return => !!1,
|
|
||||||
+});
|
|
||||||
+
|
|
||||||
+{
|
|
||||||
+ local $ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT} = 1;
|
|
||||||
+ test_ssl('https://wrong.host.badssl.com/' => {
|
|
||||||
+ host => 'wrong.host.badssl.com',
|
|
||||||
+ pass => { verify_SSL => 0 },
|
|
||||||
+ fail => { verify_SSL => 1 },
|
|
||||||
+ default_verify_should_return => !!1,
|
|
||||||
+ });
|
|
||||||
+ test_ssl('https://expired.badssl.com/' => {
|
|
||||||
+ host => 'expired.badssl.com',
|
|
||||||
+ pass => { verify_SSL => 0 },
|
|
||||||
+ fail => { verify_SSL => 1 },
|
|
||||||
+ default_verify_should_return => !!1,
|
|
||||||
+ });
|
|
||||||
+
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+test_ssl('https://wrong.host.badssl.com/' => {
|
|
||||||
+ host => 'wrong.host.badssl.com',
|
|
||||||
+ pass => { verify_SSL => 0 },
|
|
||||||
+ fail => { verify_SSL => 1 },
|
|
||||||
+ default_verify_should_return => !!0,
|
|
||||||
+});
|
|
||||||
+
|
|
||||||
+test_ssl('https://expired.badssl.com/' => {
|
|
||||||
+ host => 'expired.badssl.com',
|
|
||||||
+ pass => { verify_SSL => 0 },
|
|
||||||
+ fail => { verify_SSL => 1 },
|
|
||||||
+ default_verify_should_return => !!0,
|
|
||||||
+});
|
|
||||||
+
|
|
||||||
+
|
|
||||||
|
|
||||||
subtest "can_ssl" => sub {
|
|
||||||
ok( HTTP::Tiny->can_ssl, "class method" );
|
|
||||||
@@ -69,8 +111,10 @@ subtest "can_ssl" => sub {
|
|
||||||
like( $why, qr/not found or not readable/, "failure reason" );
|
|
||||||
};
|
|
||||||
|
|
||||||
+done_testing();
|
|
||||||
|
|
||||||
-while (my ($url, $data) = each %$data) {
|
|
||||||
+sub test_ssl {
|
|
||||||
+ my ($url, $data) = @_;
|
|
||||||
subtest $url => sub {
|
|
||||||
plan 'skip_all' => 'Internet connection timed out'
|
|
||||||
unless IO::Socket::INET->new(
|
|
||||||
@@ -81,8 +125,8 @@ while (my ($url, $data) = each %$data) {
|
|
||||||
);
|
|
||||||
|
|
||||||
# the default verification
|
|
||||||
- my $response = HTTP::Tiny->new(verify_ssl => 1)->get($url);
|
|
||||||
- is $response->{success}, $data->{default_should_yield}, "Request to $url passed/failed using default as expected"
|
|
||||||
+ my $response = HTTP::Tiny->new()->get($url);
|
|
||||||
+ is $response->{success}, $data->{default_verify_should_return}, "Request to $url passed/failed using default as expected"
|
|
||||||
or do {
|
|
||||||
# $response->{content} = substr $response->{content}, 0, 50;
|
|
||||||
$response->{content} =~ s{\n.*}{}s;
|
|
||||||
@@ -90,21 +134,25 @@ while (my ($url, $data) = each %$data) {
|
|
||||||
};
|
|
||||||
|
|
||||||
# force validation to succeed
|
|
||||||
- my $pass = HTTP::Tiny->new( SSL_options => $data->{pass} )->get($url);
|
|
||||||
- isnt $pass->{status}, '599', "Request to $url completed (forced pass)"
|
|
||||||
- or do {
|
|
||||||
- $pass->{content} =~ s{\n.*}{}s;
|
|
||||||
- diag explain $pass
|
|
||||||
- };
|
|
||||||
- ok $pass->{content}, 'Got some content';
|
|
||||||
+ if ($data->{pass}) {
|
|
||||||
+ my $pass = HTTP::Tiny->new( %{$data->{pass}} )->get($url);
|
|
||||||
+ isnt $pass->{status}, '599', "Request to $url completed (forced pass)"
|
|
||||||
+ or do {
|
|
||||||
+ $pass->{content} =~ s{\n.*}{}s;
|
|
||||||
+ diag explain $pass
|
|
||||||
+ };
|
|
||||||
+ ok $pass->{content}, 'Got some content';
|
|
||||||
+ }
|
|
||||||
|
|
||||||
# force validation to fail
|
|
||||||
- my $fail = HTTP::Tiny->new( SSL_options => $data->{fail} )->get($url);
|
|
||||||
- is $fail->{status}, '599', "Request to $url failed (forced fail)"
|
|
||||||
- or do {
|
|
||||||
- $fail->{content} =~ s{\n.*}{}s;
|
|
||||||
- diag explain [IO::Socket::SSL::errstr(), $fail]
|
|
||||||
- };
|
|
||||||
- ok $fail->{content}, 'Got some content';
|
|
||||||
+ if ($data->{fail}) {
|
|
||||||
+ my $fail = HTTP::Tiny->new( %{$data->{fail}} )->get($url);
|
|
||||||
+ is $fail->{status}, '599', "Request to $url failed (forced fail)"
|
|
||||||
+ or do {
|
|
||||||
+ $fail->{content} =~ s{\n.*}{}s;
|
|
||||||
+ diag explain [IO::Socket::SSL::errstr(), $fail]
|
|
||||||
+ };
|
|
||||||
+ ok $fail->{content}, 'Got some content';
|
|
||||||
+ }
|
|
||||||
};
|
|
||||||
}
|
|
||||||
diff --git a/t/snake-oil.crt b/t/snake-oil.crt
|
|
||||||
new file mode 100644
|
|
||||||
index 0000000..c0a5bdc
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/t/snake-oil.crt
|
|
||||||
@@ -0,0 +1,33 @@
|
|
||||||
+Generated with:
|
|
||||||
+
|
|
||||||
+ openssl req -new -newkey rsa:4096 -x509 -new -nodes -sha256 -days 7300 -keyout /dev/null -out snake-oil.crt -subj '/CN=snake.oil/'
|
|
||||||
+
|
|
||||||
+-----BEGIN CERTIFICATE-----
|
|
||||||
+MIIFCTCCAvGgAwIBAgIUUUWe96AgoaW3pyYxlJfMxUMA6bgwDQYJKoZIhvcNAQEL
|
|
||||||
+BQAwFDESMBAGA1UEAwwJc25ha2Uub2lsMB4XDTIzMDUyMTE1NDkxMVoXDTQzMDUx
|
|
||||||
+NjE1NDkxMVowFDESMBAGA1UEAwwJc25ha2Uub2lsMIICIjANBgkqhkiG9w0BAQEF
|
|
||||||
+AAOCAg8AMIICCgKCAgEAnScXg4MGa6CmCFOYzr8ggzqsDAR0CoVdOaqQ6XtRoRcP
|
|
||||||
+PzptoqHDFtr4NqWwmeWAGIcey6CKFZXsm9LvPly/VUDDjctYZig3UoLaoQpygwae
|
|
||||||
+2BgslsfuhwomxXuinatF6bo1vz+EaRpASJyHOBOp3Yvh2cLSXmD+YuTU8rci1IG/
|
|
||||||
+FFmjsrftPsxKFZiI9meAtsGayQGdUIBsEvawhs5y7TDcblPfbBM21sg3touTrfzZ
|
|
||||||
+Yk9dXd7hX3uq5ZX4H9BWcqeGux3speYC2STClnGMl8DqGdAV4XssbFCVqIhvmzrW
|
|
||||||
+L6Ce9vt0x/gxQQB4EYJlvECSqm7IiwO85I8XJ04EzmVU4e2+c1B7WS/swhGLr8JJ
|
|
||||||
+4yk/gbCe98ErU3ccnXPzZznNQXTt2iAQLqa5zNDmxjzyZXhDA1nijg2cJb1RnQVu
|
|
||||||
+m5YrUXOXt9b5664nLCVUf0s/yMqPbcIUA3puAPS6BgDEExnYL48rmTT1gazMO6S5
|
|
||||||
+ZwpycEVkwYUFj364vIHJvQO0xB54dqNul9kMLUwPLmP9H6nBIsGgJhZCAp+WDEzp
|
|
||||||
+Y4eqp0drTlJlpfjd/QOaOsKZgwrqiD0yh35bj43zcVHKaFYGLcS8M1+XlbYNYx90
|
|
||||||
+w7+GpbY+MebCYF//dXAFXzORxdA1XZ30I7CAxAVK5l5cokrMIHJ01kkzYEGA1Y0C
|
|
||||||
+AwEAAaNTMFEwHQYDVR0OBBYEFAyj5N91aOt4TxNEOJ18JUPEBsOyMB8GA1UdIwQY
|
|
||||||
+MBaAFAyj5N91aOt4TxNEOJ18JUPEBsOyMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
|
|
||||||
+hvcNAQELBQADggIBAHGiT2h0SU2tlFmUQ8CzgJ7JRTg91ltRwEvs/SQ/YN7DdDwt
|
|
||||||
+dQy/0nMIeFstdDIkdQyjcAUO92msLzd8AniiwAjynxamiQqdA57+rdhp7oEbFgw+
|
|
||||||
+nF56bG4tiBG1gAIxtY9f2sG/Sqf6UuimxOX43nybG8RdRu8hOh/TQXcj8raa2PMT
|
|
||||||
+pTdphjMJUKSplHtFpbLFuf5FxklpeAYxYAReMzQhVgTzi7fcz3QhT/l6eqK6G05v
|
|
||||||
+gi+QsgesMiGdHKiTtx8N70JFZ+8BzJ0CJDI8PR2XZTLbpKxNfk426hTjJBkRULT5
|
|
||||||
+s7IWuuEO4Bb1p27K2WgHGh0mxFk4POPFmotxupVqzl8g2umcfWLDq0UR3BcRyR3B
|
|
||||||
+GWZNCcDTVLaAsarbSJoY1L/6j4O0RQdgpOWiENLbEcelGprGLBVe4s/NDA6aUYA+
|
|
||||||
+2Dll+0tHe6oKI+RCRoDhhiAH7UVIGQdORzcbY3Fxbf1OlFdpOyXLI751b1DjSYRu
|
|
||||||
+9cVFXZIBRTTiEvGbUfoDEXDmKxpWHkGRel2864FBodcwGv7yW6mC3o6vpOqQFcW7
|
|
||||||
+MjJsFhtVj8PdPmue+ye766PeH45ydDD01nr1I92w6E1C0pEEqRNEpoOGgORyNgit
|
|
||||||
+EZag4DlWFs5MFdlj32haztRgi2dhVuJxlzx4lAmvOoqvGVQVIicN1JSlikBk
|
|
||||||
+-----END CERTIFICATE-----
|
|
||||||
--
|
|
||||||
2.41.0
|
|
||||||
|
|
@ -1,21 +0,0 @@
|
|||||||
diff -up HTTP-Tiny-0.074/lib/HTTP/Tiny.pm.orig HTTP-Tiny-0.074/lib/HTTP/Tiny.pm
|
|
||||||
--- HTTP-Tiny-0.074/lib/HTTP/Tiny.pm.orig 2024-01-16 12:26:34.204388229 +0100
|
|
||||||
+++ HTTP-Tiny-0.074/lib/HTTP/Tiny.pm 2024-01-16 12:29:19.282808545 +0100
|
|
||||||
@@ -1778,12 +1778,16 @@ C<timeout> — Request timeout in second
|
|
||||||
|
|
||||||
=item *
|
|
||||||
|
|
||||||
-C<verify_SSL> — A boolean that indicates whether to validate the SSL certificate of an C<https> — connection (default is false)
|
|
||||||
+C<verify_SSL> — A boolean that indicates whether to validate the SSL certificate of an C<https> — connection (default is true). Changed from false to true for CVE-2023-31486.
|
|
||||||
|
|
||||||
=item *
|
|
||||||
|
|
||||||
C<SSL_options> — A hashref of C<SSL_*> — options to pass through to L<IO::Socket::SSL>
|
|
||||||
|
|
||||||
+=item *
|
|
||||||
+
|
|
||||||
+C<$ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT}> — Changes the default certificate verification behavior to not check server identity if set to 1. Only effective if C<verify_SSL> is not set. Added for CVE-2023-31486.
|
|
||||||
+
|
|
||||||
=back
|
|
||||||
|
|
||||||
Passing an explicit C<undef> for C<proxy>, C<http_proxy> or C<https_proxy> will
|
|
@ -1,9 +1,6 @@
|
|||||||
# Run optional test
|
|
||||||
%bcond_without perl_HTTP_Tiny_enables_optional_deps
|
|
||||||
|
|
||||||
Name: perl-HTTP-Tiny
|
Name: perl-HTTP-Tiny
|
||||||
Version: 0.076
|
Version: 0.076
|
||||||
Release: 462%{?dist}
|
Release: 439%{?dist}
|
||||||
Summary: Small, simple, correct HTTP/1.1 client
|
Summary: Small, simple, correct HTTP/1.1 client
|
||||||
License: GPL+ or Artistic
|
License: GPL+ or Artistic
|
||||||
URL: https://metacpan.org/release/HTTP-Tiny
|
URL: https://metacpan.org/release/HTTP-Tiny
|
||||||
@ -11,17 +8,10 @@ Source0: https://cpan.metacpan.org/authors/id/D/DA/DAGOLDEN/HTTP-Tiny-%{v
|
|||||||
# Check for write failure, bug #1031096, refused by upstream,
|
# Check for write failure, bug #1031096, refused by upstream,
|
||||||
# <https://github.com/chansen/p5-http-tiny/issues/32>
|
# <https://github.com/chansen/p5-http-tiny/issues/32>
|
||||||
Patch0: HTTP-Tiny-0.070-Croak-on-failed-write-into-a-file.patch
|
Patch0: HTTP-Tiny-0.070-Croak-on-failed-write-into-a-file.patch
|
||||||
# Change verify_SSL default to 1, add ENV var to enable insecure default
|
|
||||||
# Fix rhbz#2228412 - CVE-2023-31486
|
|
||||||
Patch1: HTTP-Tiny-0.076-Change-verify_SSL-default-to-1-add-ENV-var-to-enable.patch
|
|
||||||
# Fix man page for CVE-2023-31486
|
|
||||||
Patch2: HTTP-Tiny-0.076-Fix-man-page-for-CVE-2023-31486.patch
|
|
||||||
BuildArch: noarch
|
BuildArch: noarch
|
||||||
BuildRequires: coreutils
|
|
||||||
BuildRequires: make
|
BuildRequires: make
|
||||||
BuildRequires: perl-generators
|
BuildRequires: perl-generators
|
||||||
BuildRequires: perl-interpreter
|
BuildRequires: perl-interpreter
|
||||||
BuildRequires: perl(Config)
|
|
||||||
BuildRequires: perl(ExtUtils::MakeMaker) >= 6.76
|
BuildRequires: perl(ExtUtils::MakeMaker) >= 6.76
|
||||||
BuildRequires: perl(strict)
|
BuildRequires: perl(strict)
|
||||||
BuildRequires: perl(warnings)
|
BuildRequires: perl(warnings)
|
||||||
@ -59,24 +49,11 @@ Requires: perl(bytes)
|
|||||||
Requires: perl(Carp)
|
Requires: perl(Carp)
|
||||||
Requires: perl(Fcntl)
|
Requires: perl(Fcntl)
|
||||||
Recommends: perl(IO::Socket::IP) >= 0.32
|
Recommends: perl(IO::Socket::IP) >= 0.32
|
||||||
%if !%{defined perl_bootstrap}
|
|
||||||
Requires: perl(IO::Socket::SSL) >= 1.56
|
|
||||||
Requires: perl(Mozilla::CA)
|
|
||||||
Requires: perl(Net::SSLeay) >= 1.49
|
|
||||||
%else
|
|
||||||
Recommends: perl(IO::Socket::SSL) >= 1.56
|
Recommends: perl(IO::Socket::SSL) >= 1.56
|
||||||
Recommends: perl(Mozilla::CA)
|
|
||||||
Recommends: perl(Net::SSLeay) >= 1.49
|
|
||||||
%endif
|
|
||||||
Requires: perl(MIME::Base64)
|
Requires: perl(MIME::Base64)
|
||||||
|
Recommends: perl(Mozilla::CA)
|
||||||
Requires: perl(Time::Local)
|
Requires: perl(Time::Local)
|
||||||
|
|
||||||
# Filter modules bundled for tests
|
|
||||||
%global __provides_exclude_from %{?__provides_exclude_from:%__provides_exclude_from|}^%{_libexecdir}
|
|
||||||
%global __requires_exclude %{?__requires_exclude:%__requires_exclude|}^perl\\(Util\\)
|
|
||||||
%global __requires_exclude %{__requires_exclude}|^perl\\(BrokenCookieJar\\)
|
|
||||||
%global __requires_exclude %{__requires_exclude}|^perl\\(SimpleCookieJar\\)
|
|
||||||
|
|
||||||
%description
|
%description
|
||||||
This is a very simple HTTP/1.1 client, designed for doing simple GET requests
|
This is a very simple HTTP/1.1 client, designed for doing simple GET requests
|
||||||
without the overhead of a large framework like LWP::UserAgent.
|
without the overhead of a large framework like LWP::UserAgent.
|
||||||
@ -85,33 +62,9 @@ It is more correct and more complete than HTTP::Lite. It supports proxies
|
|||||||
(currently only non-authenticating ones) and redirection. It also correctly
|
(currently only non-authenticating ones) and redirection. It also correctly
|
||||||
resumes after EINTR.
|
resumes after EINTR.
|
||||||
|
|
||||||
%package tests
|
|
||||||
Summary: Tests for %{name}
|
|
||||||
Requires: %{name} = %{?epoch:%{epoch}:}%{version}-%{release}
|
|
||||||
Requires: perl-Test-Harness
|
|
||||||
%if %{with perl_HTTP_Tiny_enables_optional_deps} && !%{defined perl_bootstrap}
|
|
||||||
Requires: openssl
|
|
||||||
Requires: perl(IO::Socket::IP) >= 0.32
|
|
||||||
Requires: perl(IO::Socket::SSL) >= 1.56
|
|
||||||
Requires: perl(Mozilla::CA)
|
|
||||||
Requires: perl(Net::SSLeay) >= 1.49
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%description tests
|
|
||||||
Tests from %{name}. Execute them
|
|
||||||
with "%{_libexecdir}/%{name}/test".
|
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q -n HTTP-Tiny-%{version}
|
%setup -q -n HTTP-Tiny-%{version}
|
||||||
%patch -P0 -p1
|
%patch0 -p1
|
||||||
%patch -P1 -p1
|
|
||||||
%patch -P2 -p1
|
|
||||||
|
|
||||||
# Help generators to recognize Perl scripts
|
|
||||||
for F in t/*.t; do
|
|
||||||
perl -i -MConfig -ple 'print $Config{startperl} if $. == 1 && !s{\A#!.*perl\b}{$Config{startperl}}' "$F"
|
|
||||||
chmod +x "$F"
|
|
||||||
done
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
perl Makefile.PL INSTALLDIRS=vendor NO_PACKLIST=1
|
perl Makefile.PL INSTALLDIRS=vendor NO_PACKLIST=1
|
||||||
@ -121,17 +74,7 @@ make %{?_smp_mflags}
|
|||||||
make pure_install DESTDIR='%{buildroot}'
|
make pure_install DESTDIR='%{buildroot}'
|
||||||
%{_fixperms} '%{buildroot}'/*
|
%{_fixperms} '%{buildroot}'/*
|
||||||
|
|
||||||
# Install tests
|
|
||||||
mkdir -p %{buildroot}%{_libexecdir}/%{name}
|
|
||||||
cp -a t corpus %{buildroot}%{_libexecdir}/%{name}
|
|
||||||
cat > %{buildroot}%{_libexecdir}/%{name}/test << 'EOF'
|
|
||||||
#!/bin/sh
|
|
||||||
cd %{_libexecdir}/%{name} && AUTOMATED_TESTING=1 exec prove -I . -j "$(getconf _NPROCESSORS_ONLN)"
|
|
||||||
EOF
|
|
||||||
chmod +x %{buildroot}%{_libexecdir}/%{name}/test
|
|
||||||
|
|
||||||
%check
|
%check
|
||||||
export HARNESS_OPTIONS=j$(perl -e 'if ($ARGV[0] =~ /.*-j([0-9][0-9]*).*/) {print $1} else {print 1}' -- '%{?_smp_mflags}')
|
|
||||||
make test
|
make test
|
||||||
|
|
||||||
%files
|
%files
|
||||||
@ -140,36 +83,7 @@ make test
|
|||||||
%{perl_vendorlib}/*
|
%{perl_vendorlib}/*
|
||||||
%{_mandir}/man3/*
|
%{_mandir}/man3/*
|
||||||
|
|
||||||
%files tests
|
|
||||||
%{_libexecdir}/%{name}
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Tue Jan 16 2024 Jitka Plesnikova <jplesnik@redhat.com> - 0.076-462
|
|
||||||
- Update man page for CVE-2023-31486
|
|
||||||
|
|
||||||
* Fri Aug 04 2023 Jitka Plesnikova <jplesnik@redhat.com> - 0.076-461
|
|
||||||
- Changes the verify_SSL default parameter from 0 to 1 - CVE-2023-31486
|
|
||||||
- Resolves: rhbz#2228412
|
|
||||||
|
|
||||||
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.076-460
|
|
||||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
|
||||||
Related: rhbz#1991688
|
|
||||||
|
|
||||||
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.076-459
|
|
||||||
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
|
||||||
|
|
||||||
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.076-458
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
|
||||||
|
|
||||||
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.076-457
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
|
||||||
|
|
||||||
* Mon Jun 22 2020 Jitka Plesnikova <jplesnik@redhat.com> - 0.076-456
|
|
||||||
- Increase release to favour standalone package
|
|
||||||
|
|
||||||
* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.076-440
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
|
||||||
|
|
||||||
* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.076-439
|
* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.076-439
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user