From 8376ef56580626e9c0f796d5b85b53a0a1c7d5f5 Mon Sep 17 00:00:00 2001
From: V3n3RiX <venerix@redcorelinux.org>
Date: Sat, 14 Jul 2018 21:03:06 +0100
Subject: gentoo resync : 14.07.2018

---
 .../LWP-Protocol-https-6.60.0-CVE-2014-3230.patch  | 22 ++++++++++
 .../LWP-Protocol-https-6.60.0-etcsslcerts.patch    | 33 +++++++++++++++
 .../LWP-Protocol-https-6.70.0-CVE-2014-3230.patch  | 36 ++++++++++++++++
 .../LWP-Protocol-https-6.70.0-etcsslcerts.patch    | 48 ++++++++++++++++++++++
 4 files changed, 139 insertions(+)
 create mode 100644 dev-perl/LWP-Protocol-https/files/LWP-Protocol-https-6.60.0-CVE-2014-3230.patch
 create mode 100644 dev-perl/LWP-Protocol-https/files/LWP-Protocol-https-6.60.0-etcsslcerts.patch
 create mode 100644 dev-perl/LWP-Protocol-https/files/LWP-Protocol-https-6.70.0-CVE-2014-3230.patch
 create mode 100644 dev-perl/LWP-Protocol-https/files/LWP-Protocol-https-6.70.0-etcsslcerts.patch

(limited to 'dev-perl/LWP-Protocol-https/files')

diff --git a/dev-perl/LWP-Protocol-https/files/LWP-Protocol-https-6.60.0-CVE-2014-3230.patch b/dev-perl/LWP-Protocol-https/files/LWP-Protocol-https-6.60.0-CVE-2014-3230.patch
new file mode 100644
index 000000000000..1eb26d2e4092
--- /dev/null
+++ b/dev-perl/LWP-Protocol-https/files/LWP-Protocol-https-6.60.0-CVE-2014-3230.patch
@@ -0,0 +1,22 @@
+Source: https://bugzilla.redhat.com/show_bug.cgi?id=1094440
+
+This patch combines the following two:
+https://bugzilla.redhat.com/attachment.cgi?id=894747
+https://bugzilla.redhat.com/attachment.cgi?id=894748
+
+diff -ruN LWP-Protocol-https-6.06.orig/lib/LWP/Protocol/https.pm LWP-Protocol-https-6.06/lib/LWP/Protocol/https.pm
+--- LWP-Protocol-https-6.06.orig/lib/LWP/Protocol/https.pm	2014-04-18 18:33:26.000000000 +0200
++++ LWP-Protocol-https-6.06/lib/LWP/Protocol/https.pm	2014-10-26 23:57:27.714303175 +0100
+@@ -21,7 +21,11 @@
+ 	$ssl_opts{SSL_verifycn_scheme} = 'www';
+     }
+     else {
+-	$ssl_opts{SSL_verify_mode} = 0;
++	if ( $Net::HTTPS::SSL_SOCKET_CLASS eq 'Net::SSL' ) {
++	    $ssl_opts{SSL_verifycn_scheme} = '';
++	} else {
++	    $ssl_opts{SSL_verifycn_scheme} = 'none';
++	}
+     }
+     if ($ssl_opts{SSL_verify_mode}) {
+ 	unless (exists $ssl_opts{SSL_ca_file} || exists $ssl_opts{SSL_ca_path}) {
diff --git a/dev-perl/LWP-Protocol-https/files/LWP-Protocol-https-6.60.0-etcsslcerts.patch b/dev-perl/LWP-Protocol-https/files/LWP-Protocol-https-6.60.0-etcsslcerts.patch
new file mode 100644
index 000000000000..55163a097835
--- /dev/null
+++ b/dev-perl/LWP-Protocol-https/files/LWP-Protocol-https-6.60.0-etcsslcerts.patch
@@ -0,0 +1,33 @@
+See https://bugs.gentoo.org/358081
+
+
+diff -ruN LWP-Protocol-https-6.06.orig/lib/LWP/Protocol/https.pm LWP-Protocol-https-6.06/lib/LWP/Protocol/https.pm
+--- LWP-Protocol-https-6.06.orig/lib/LWP/Protocol/https.pm	2014-04-18 18:33:26.000000000 +0200
++++ LWP-Protocol-https-6.06/lib/LWP/Protocol/https.pm	2014-10-27 00:04:50.604802937 +0100
+@@ -25,25 +25,7 @@
+     }
+     if ($ssl_opts{SSL_verify_mode}) {
+ 	unless (exists $ssl_opts{SSL_ca_file} || exists $ssl_opts{SSL_ca_path}) {
+-	    eval {
+-		require Mozilla::CA;
+-	    };
+-	    if ($@) {
+-		if ($@ =! /^Can't locate Mozilla\/CA\.pm/) {
+-		    $@ = <<'EOT';
+-Can't verify SSL peers without knowing which Certificate Authorities to trust
+-
+-This problem can be fixed by either setting the PERL_LWP_SSL_CA_FILE
+-environment variable or by installing the Mozilla::CA module.
+-
+-To disable verification of SSL peers set the PERL_LWP_SSL_VERIFY_HOSTNAME
+-environment variable to 0.  If you do this you can't be sure that you
+-communicate with the expected peer.
+-EOT
+-		}
+-		die $@;
+-	    }
+-	    $ssl_opts{SSL_ca_file} = Mozilla::CA::SSL_ca_file();
++	    $ssl_opts{SSL_ca_path} = '/etc/ssl/certs';
+ 	}
+     }
+     $self->{ssl_opts} = \%ssl_opts;
diff --git a/dev-perl/LWP-Protocol-https/files/LWP-Protocol-https-6.70.0-CVE-2014-3230.patch b/dev-perl/LWP-Protocol-https/files/LWP-Protocol-https-6.70.0-CVE-2014-3230.patch
new file mode 100644
index 000000000000..781d72ee03e9
--- /dev/null
+++ b/dev-perl/LWP-Protocol-https/files/LWP-Protocol-https-6.70.0-CVE-2014-3230.patch
@@ -0,0 +1,36 @@
+From 67de137e737e4fa92d0cb746bdc8474d7bb5e000 Mon Sep 17 00:00:00 2001
+From: Kent Fredric <kentnl@gentoo.org>
+Date: Tue, 21 Mar 2017 10:11:32 +1300
+Subject: Use SSL_verifycn_scheme instead of disabling SSL_verify_mode
+
+Re: CVE-2014-3230
+
+Redhat Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1094440
+
+Combines: https://bugzilla.redhat.com/attachment.cgi?id=894747
+  https://bugzilla.redhat.com/attachment.cgi?id=894748
+---
+ lib/LWP/Protocol/https.pm | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/lib/LWP/Protocol/https.pm b/lib/LWP/Protocol/https.pm
+index f8ab398..ba69966 100644
+--- a/lib/LWP/Protocol/https.pm
++++ b/lib/LWP/Protocol/https.pm
+@@ -21,7 +21,12 @@ sub _extra_sock_opts
+ 	$ssl_opts{SSL_verifycn_scheme} = 'www';
+     }
+     else {
+-	$ssl_opts{SSL_verify_mode} = 0;
++      if ( $Net::HTTPS::SSL_SOCKET_CLASS eq 'Net::SSL' ) {
++        $ssl_opts{SSL_verifycn_scheme} = '';
++      }
++      else {
++        $ssl_opts{SSL_verifycn_scheme} = 'none';
++      }
+     }
+     if ($ssl_opts{SSL_verify_mode}) {
+       unless (exists $ssl_opts{SSL_ca_file} || exists $ssl_opts{SSL_ca_path}) {
+-- 
+2.12.0
+
diff --git a/dev-perl/LWP-Protocol-https/files/LWP-Protocol-https-6.70.0-etcsslcerts.patch b/dev-perl/LWP-Protocol-https/files/LWP-Protocol-https-6.70.0-etcsslcerts.patch
new file mode 100644
index 000000000000..2553c7949af9
--- /dev/null
+++ b/dev-perl/LWP-Protocol-https/files/LWP-Protocol-https-6.70.0-etcsslcerts.patch
@@ -0,0 +1,48 @@
+From 9baa19987f93284be254415d15db56c599e52e1e Mon Sep 17 00:00:00 2001
+From: Kent Fredric <kentnl@gentoo.org>
+Date: Tue, 21 Mar 2017 10:07:35 +1300
+Subject: Ensure using System Certificates instead of Mozilla-CA
+
+Bug: https://bugs.gentoo.org/358081
+---
+ lib/LWP/Protocol/https.pm | 24 +++---------------------
+ 1 file changed, 3 insertions(+), 21 deletions(-)
+
+diff --git a/lib/LWP/Protocol/https.pm b/lib/LWP/Protocol/https.pm
+index ed4d832..f8ab398 100644
+--- a/lib/LWP/Protocol/https.pm
++++ b/lib/LWP/Protocol/https.pm
+@@ -24,27 +24,9 @@ sub _extra_sock_opts
+ 	$ssl_opts{SSL_verify_mode} = 0;
+     }
+     if ($ssl_opts{SSL_verify_mode}) {
+-	unless (exists $ssl_opts{SSL_ca_file} || exists $ssl_opts{SSL_ca_path}) {
+-	    eval {
+-		require Mozilla::CA;
+-	    };
+-	    if ($@) {
+-		if ($@ =~ /^Can't locate Mozilla\/CA\.pm/) {
+-		    $@ = <<'EOT';
+-Can't verify SSL peers without knowing which Certificate Authorities to trust
+-
+-This problem can be fixed by either setting the PERL_LWP_SSL_CA_FILE
+-environment variable or by installing the Mozilla::CA module.
+-
+-To disable verification of SSL peers set the PERL_LWP_SSL_VERIFY_HOSTNAME
+-environment variable to 0.  If you do this you can't be sure that you
+-communicate with the expected peer.
+-EOT
+-		}
+-		die $@;
+-	    }
+-	    $ssl_opts{SSL_ca_file} = Mozilla::CA::SSL_ca_file();
+-	}
++      unless (exists $ssl_opts{SSL_ca_file} || exists $ssl_opts{SSL_ca_path}) {
++        $ssl_opts{SSL_ca_path} = '/etc/ssl/certs';
++      }
+     }
+     $self->{ssl_opts} = \%ssl_opts;
+     return (%ssl_opts, $self->SUPER::_extra_sock_opts);
+-- 
+2.12.0
+
-- 
cgit v1.2.3