diff options
author | V3n3RiX <venerix@redcorelinux.org> | 2018-07-14 21:03:06 +0100 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2018-07-14 21:03:06 +0100 |
commit | 8376ef56580626e9c0f796d5b85b53a0a1c7d5f5 (patch) | |
tree | 7681bbd4e8b05407772df40a4bf04cbbc8afc3fa /dev-perl/LWP-Protocol-https | |
parent | 30a9caf154332f12ca60756e1b75d2f0e3e1822d (diff) |
gentoo resync : 14.07.2018
Diffstat (limited to 'dev-perl/LWP-Protocol-https')
8 files changed, 228 insertions, 0 deletions
diff --git a/dev-perl/LWP-Protocol-https/LWP-Protocol-https-6.60.0.ebuild b/dev-perl/LWP-Protocol-https/LWP-Protocol-https-6.60.0.ebuild new file mode 100644 index 000000000000..44caf92ca7c2 --- /dev/null +++ b/dev-perl/LWP-Protocol-https/LWP-Protocol-https-6.60.0.ebuild @@ -0,0 +1,31 @@ +# Copyright 1999-2018 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 + +MODULE_AUTHOR=MSCHILLI +MODULE_VERSION=6.06 +inherit perl-module + +DESCRIPTION="Provide https support for LWP::UserAgent" + +SLOT="0" +IUSE="" +KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 s390 ~sh sparc x86 ~ppc-aix ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" + +RDEPEND=" + app-misc/ca-certificates + >=dev-perl/libwww-perl-6.20.0 + >=dev-perl/Net-HTTP-6 + >=dev-perl/IO-Socket-SSL-1.540.0 +" +DEPEND="${RDEPEND} + virtual/perl-ExtUtils-MakeMaker +" + +PATCHES=( + "${FILESDIR}"/${PN}-6.60.0-etcsslcerts.patch + "${FILESDIR}"/${PN}-6.60.0-CVE-2014-3230.patch +) + +SRC_TEST=online diff --git a/dev-perl/LWP-Protocol-https/LWP-Protocol-https-6.70.0.ebuild b/dev-perl/LWP-Protocol-https/LWP-Protocol-https-6.70.0.ebuild new file mode 100644 index 000000000000..f6efc4943fbc --- /dev/null +++ b/dev-perl/LWP-Protocol-https/LWP-Protocol-https-6.70.0.ebuild @@ -0,0 +1,36 @@ +# Copyright 1999-2018 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +DIST_AUTHOR=OALDERS +DIST_VERSION=6.07 +inherit perl-module + +DESCRIPTION="Provide https support for LWP::UserAgent" + +SLOT="0" +IUSE="test" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" + +RDEPEND=" + app-misc/ca-certificates + >=dev-perl/IO-Socket-SSL-1.540.0 + >=dev-perl/libwww-perl-6.60.0 + >=dev-perl/Net-HTTP-6 +" +DEPEND="${RDEPEND} + virtual/perl-ExtUtils-MakeMaker + test? ( + virtual/perl-Test-Simple + dev-perl/Test-RequiresInternet + ) +" + +PATCHES=( + "${FILESDIR}"/${PN}-6.70.0-etcsslcerts.patch + "${FILESDIR}"/${PN}-6.70.0-CVE-2014-3230.patch # note: breaks a test, still needed? +) +PERL_RM_FILES=( + "t/https_proxy.t" # see above +) diff --git a/dev-perl/LWP-Protocol-https/Manifest b/dev-perl/LWP-Protocol-https/Manifest new file mode 100644 index 000000000000..66d9f96320ac --- /dev/null +++ b/dev-perl/LWP-Protocol-https/Manifest @@ -0,0 +1,9 @@ +AUX LWP-Protocol-https-6.60.0-CVE-2014-3230.patch 903 BLAKE2B 4e874b53671b696a7e4301e0917d8cb279c73fdddf1cb787cbfea4a1a27d9e97800b373a928fafbcca2dcc4f07f3a3b53d6c50b92ccbb62e1356c3bd87f8aef1 SHA512 028cfcdd4fd0cab46b2d1aef4a59fd575a3180bc34a69d8973c67177d27fc7995dac0e003983e448354858747f3f3d19ec3eaf6a42e2619cfde1275ea7e41ec1 +AUX LWP-Protocol-https-6.60.0-etcsslcerts.patch 1193 BLAKE2B 778116724b8c03622c1b916fe299740031841c9497b9fedcee67b1e93cdcad1a270b8757d06a4873fd75278e2def80a36025906831106a98a1b49e3ee4c3ff77 SHA512 09fb5755f9a56199c1b6aea9c3e75bf397424f041474904e1c93545ce676edbac4fafd105c1a87038576e2e5017186c2836357dbefe89b1872186027b318ea34 +AUX LWP-Protocol-https-6.70.0-CVE-2014-3230.patch 1136 BLAKE2B b6a82d284c8a4bcc6dfc62a253ed887fadc32f0b149e8ff1a04769495c9f1729c0a9e2b775311a574265620b49da98c7e5f0ae43f58c948da7e6b41a2872a723 SHA512 115a0b152722e874e35a6d7207b8e77c19f14a7f1fe7d4dd2e246c3085332ec37b2839e386063e48159d9194a6dce19c2dcbe03d5e66360d28cc5d0547f9e63d +AUX LWP-Protocol-https-6.70.0-etcsslcerts.patch 1595 BLAKE2B 1a0d41704506f988405a776d96292e12be53487b3d2ab71259f82282ba95741e647925444d4c4090b242ebeeee49c7e2dc83f93d5aca6480bb4731970c410f98 SHA512 977ae51ffaa8d931e55b1aac278980f0a13fc06f0cbed99b81d983cd98068f5f8e65b388ed97befa6c850d92e9cae785ae3b4f84d5115cf730271bc04a40e18d +DIST LWP-Protocol-https-6.06.tar.gz 8376 BLAKE2B f8c19db22689c50b707f45d19f745e49329edf14d87a888f9d5d4eab901d5bbeac0b525f13a3dd0ad8ab642a2ea7f2a77167a86ccbe5bc6644bc4478531be8ec SHA512 acc65d63da858f25cf9cc1e11d074f035e8ead4c1ffea22bac930f61100ff98f2bf0bb4ede12219d6c22bd5fe4d99532a45fe5cbc9a4b863dd16b0c379f8d2ea +DIST LWP-Protocol-https-6.07.tar.gz 9184 BLAKE2B 0104a51ac8b5cedeedc2f19bf6079a2f22f050db5f9e9030a015b473c63c8c01ea1716551a30e9602323dd420fdd50e304840722d214d38e1ae2a0347c91448a SHA512 4a07cd8a1c44e31781069a632a77f3af43747933420e831b4fd4a12faac7dc04f0c6b10ea773c3e14ecb66209a547b3587c0e3f481a55b9929db65f7b10343aa +EBUILD LWP-Protocol-https-6.60.0.ebuild 800 BLAKE2B 1bc5a19a0500a22ed903ac9b79f110624d794b3f92f109061bcc0ab174c7c6ae8a431ad6cde98b9e6e3ad88f26cb339dc150ac3f82a8edb0611b76c8091ec658 SHA512 2463813e314c4e9d16d9cf532b631e56bd16f5c4bd944f1edf16650c41d4c1d0c2b6cc5aa8919732916042f0a07dc6e082f663e5a08e0c82cf58788eea429399 +EBUILD LWP-Protocol-https-6.70.0.ebuild 952 BLAKE2B db6ee911aa992ff97627ee6d8bb081823904644c27f757d68607c9fe0d117de48edcbfba34220d0417f8990a1e6b0cbd298935081cc30d59f9e250cd9dd7c6ab SHA512 29651d2fcec83c918e1ef8f641f3ca602777bdb30eb7fe6bd4fc49b0636eb0be9c2474335e9d5791283e709de0c1209f1841d1c4833ac66e9fdeb9ea0dcc7cd4 +MISC metadata.xml 470 BLAKE2B 3ca8b3351b051c0c140dfd02e57b98551aa5e3015d008ecd4c609aae9067535e9eec71c5c94b7f8f33931a69d6ad5f4a357cf91d070fc7932c8ccd692fc4471e SHA512 53faefb3533b9b8534d5a41f25eb5c77e0d9a5e765ef0c90a18c6bb1bee62bc9ee88ad4e8eed4c85453ef4cfabb240d5ff1e60e6a6651af0476ce0fa1d269bb8 diff --git a/dev-perl/LWP-Protocol-https/files/LWP-Protocol-https-6.60.0-CVE-2014-3230.patch b/dev-perl/LWP-Protocol-https/files/LWP-Protocol-https-6.60.0-CVE-2014-3230.patch new file mode 100644 index 000000000000..1eb26d2e4092 --- /dev/null +++ b/dev-perl/LWP-Protocol-https/files/LWP-Protocol-https-6.60.0-CVE-2014-3230.patch @@ -0,0 +1,22 @@ +Source: https://bugzilla.redhat.com/show_bug.cgi?id=1094440 + +This patch combines the following two: +https://bugzilla.redhat.com/attachment.cgi?id=894747 +https://bugzilla.redhat.com/attachment.cgi?id=894748 + +diff -ruN LWP-Protocol-https-6.06.orig/lib/LWP/Protocol/https.pm LWP-Protocol-https-6.06/lib/LWP/Protocol/https.pm +--- LWP-Protocol-https-6.06.orig/lib/LWP/Protocol/https.pm 2014-04-18 18:33:26.000000000 +0200 ++++ LWP-Protocol-https-6.06/lib/LWP/Protocol/https.pm 2014-10-26 23:57:27.714303175 +0100 +@@ -21,7 +21,11 @@ + $ssl_opts{SSL_verifycn_scheme} = 'www'; + } + else { +- $ssl_opts{SSL_verify_mode} = 0; ++ if ( $Net::HTTPS::SSL_SOCKET_CLASS eq 'Net::SSL' ) { ++ $ssl_opts{SSL_verifycn_scheme} = ''; ++ } else { ++ $ssl_opts{SSL_verifycn_scheme} = 'none'; ++ } + } + if ($ssl_opts{SSL_verify_mode}) { + unless (exists $ssl_opts{SSL_ca_file} || exists $ssl_opts{SSL_ca_path}) { diff --git a/dev-perl/LWP-Protocol-https/files/LWP-Protocol-https-6.60.0-etcsslcerts.patch b/dev-perl/LWP-Protocol-https/files/LWP-Protocol-https-6.60.0-etcsslcerts.patch new file mode 100644 index 000000000000..55163a097835 --- /dev/null +++ b/dev-perl/LWP-Protocol-https/files/LWP-Protocol-https-6.60.0-etcsslcerts.patch @@ -0,0 +1,33 @@ +See https://bugs.gentoo.org/358081 + + +diff -ruN LWP-Protocol-https-6.06.orig/lib/LWP/Protocol/https.pm LWP-Protocol-https-6.06/lib/LWP/Protocol/https.pm +--- LWP-Protocol-https-6.06.orig/lib/LWP/Protocol/https.pm 2014-04-18 18:33:26.000000000 +0200 ++++ LWP-Protocol-https-6.06/lib/LWP/Protocol/https.pm 2014-10-27 00:04:50.604802937 +0100 +@@ -25,25 +25,7 @@ + } + if ($ssl_opts{SSL_verify_mode}) { + unless (exists $ssl_opts{SSL_ca_file} || exists $ssl_opts{SSL_ca_path}) { +- eval { +- require Mozilla::CA; +- }; +- if ($@) { +- if ($@ =! /^Can't locate Mozilla\/CA\.pm/) { +- $@ = <<'EOT'; +-Can't verify SSL peers without knowing which Certificate Authorities to trust +- +-This problem can be fixed by either setting the PERL_LWP_SSL_CA_FILE +-environment variable or by installing the Mozilla::CA module. +- +-To disable verification of SSL peers set the PERL_LWP_SSL_VERIFY_HOSTNAME +-environment variable to 0. If you do this you can't be sure that you +-communicate with the expected peer. +-EOT +- } +- die $@; +- } +- $ssl_opts{SSL_ca_file} = Mozilla::CA::SSL_ca_file(); ++ $ssl_opts{SSL_ca_path} = '/etc/ssl/certs'; + } + } + $self->{ssl_opts} = \%ssl_opts; diff --git a/dev-perl/LWP-Protocol-https/files/LWP-Protocol-https-6.70.0-CVE-2014-3230.patch b/dev-perl/LWP-Protocol-https/files/LWP-Protocol-https-6.70.0-CVE-2014-3230.patch new file mode 100644 index 000000000000..781d72ee03e9 --- /dev/null +++ b/dev-perl/LWP-Protocol-https/files/LWP-Protocol-https-6.70.0-CVE-2014-3230.patch @@ -0,0 +1,36 @@ +From 67de137e737e4fa92d0cb746bdc8474d7bb5e000 Mon Sep 17 00:00:00 2001 +From: Kent Fredric <kentnl@gentoo.org> +Date: Tue, 21 Mar 2017 10:11:32 +1300 +Subject: Use SSL_verifycn_scheme instead of disabling SSL_verify_mode + +Re: CVE-2014-3230 + +Redhat Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1094440 + +Combines: https://bugzilla.redhat.com/attachment.cgi?id=894747 + https://bugzilla.redhat.com/attachment.cgi?id=894748 +--- + lib/LWP/Protocol/https.pm | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/lib/LWP/Protocol/https.pm b/lib/LWP/Protocol/https.pm +index f8ab398..ba69966 100644 +--- a/lib/LWP/Protocol/https.pm ++++ b/lib/LWP/Protocol/https.pm +@@ -21,7 +21,12 @@ sub _extra_sock_opts + $ssl_opts{SSL_verifycn_scheme} = 'www'; + } + else { +- $ssl_opts{SSL_verify_mode} = 0; ++ if ( $Net::HTTPS::SSL_SOCKET_CLASS eq 'Net::SSL' ) { ++ $ssl_opts{SSL_verifycn_scheme} = ''; ++ } ++ else { ++ $ssl_opts{SSL_verifycn_scheme} = 'none'; ++ } + } + if ($ssl_opts{SSL_verify_mode}) { + unless (exists $ssl_opts{SSL_ca_file} || exists $ssl_opts{SSL_ca_path}) { +-- +2.12.0 + diff --git a/dev-perl/LWP-Protocol-https/files/LWP-Protocol-https-6.70.0-etcsslcerts.patch b/dev-perl/LWP-Protocol-https/files/LWP-Protocol-https-6.70.0-etcsslcerts.patch new file mode 100644 index 000000000000..2553c7949af9 --- /dev/null +++ b/dev-perl/LWP-Protocol-https/files/LWP-Protocol-https-6.70.0-etcsslcerts.patch @@ -0,0 +1,48 @@ +From 9baa19987f93284be254415d15db56c599e52e1e Mon Sep 17 00:00:00 2001 +From: Kent Fredric <kentnl@gentoo.org> +Date: Tue, 21 Mar 2017 10:07:35 +1300 +Subject: Ensure using System Certificates instead of Mozilla-CA + +Bug: https://bugs.gentoo.org/358081 +--- + lib/LWP/Protocol/https.pm | 24 +++--------------------- + 1 file changed, 3 insertions(+), 21 deletions(-) + +diff --git a/lib/LWP/Protocol/https.pm b/lib/LWP/Protocol/https.pm +index ed4d832..f8ab398 100644 +--- a/lib/LWP/Protocol/https.pm ++++ b/lib/LWP/Protocol/https.pm +@@ -24,27 +24,9 @@ sub _extra_sock_opts + $ssl_opts{SSL_verify_mode} = 0; + } + if ($ssl_opts{SSL_verify_mode}) { +- unless (exists $ssl_opts{SSL_ca_file} || exists $ssl_opts{SSL_ca_path}) { +- eval { +- require Mozilla::CA; +- }; +- if ($@) { +- if ($@ =~ /^Can't locate Mozilla\/CA\.pm/) { +- $@ = <<'EOT'; +-Can't verify SSL peers without knowing which Certificate Authorities to trust +- +-This problem can be fixed by either setting the PERL_LWP_SSL_CA_FILE +-environment variable or by installing the Mozilla::CA module. +- +-To disable verification of SSL peers set the PERL_LWP_SSL_VERIFY_HOSTNAME +-environment variable to 0. If you do this you can't be sure that you +-communicate with the expected peer. +-EOT +- } +- die $@; +- } +- $ssl_opts{SSL_ca_file} = Mozilla::CA::SSL_ca_file(); +- } ++ unless (exists $ssl_opts{SSL_ca_file} || exists $ssl_opts{SSL_ca_path}) { ++ $ssl_opts{SSL_ca_path} = '/etc/ssl/certs'; ++ } + } + $self->{ssl_opts} = \%ssl_opts; + return (%ssl_opts, $self->SUPER::_extra_sock_opts); +-- +2.12.0 + diff --git a/dev-perl/LWP-Protocol-https/metadata.xml b/dev-perl/LWP-Protocol-https/metadata.xml new file mode 100644 index 000000000000..06f924d1c8e9 --- /dev/null +++ b/dev-perl/LWP-Protocol-https/metadata.xml @@ -0,0 +1,13 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="project"> + <email>perl@gentoo.org</email> + <name>Gentoo Perl Project</name> + </maintainer> + <upstream> + <remote-id type="cpan">LWP-Protocol-https</remote-id> + <remote-id type="cpan-module">LWP::Protocol::https</remote-id> + <remote-id type="cpan-module">LWP::Protocol::https::Socket</remote-id> + </upstream> +</pkgmetadata> |