diff options
| author | wiz <wiz@pkgsrc.org> | 2014-05-15 10:17:38 +0000 |
|---|---|---|
| committer | wiz <wiz@pkgsrc.org> | 2014-05-15 10:17:38 +0000 |
| commit | 2ae2ff5f5bdf93dbe1abbee3ed6bbbb3ce4ca35c (patch) | |
| tree | 5112cf31b80f8a11bb0fc0bbee62e90499a63aa0 | |
| parent | 31fd2b553b8c8fa4d5e208e400edb8e87c22623f (diff) | |
| download | pkgsrc-2ae2ff5f5bdf93dbe1abbee3ed6bbbb3ce4ca35c.tar.gz | |
Fix for CVE-2014-3230, from upstream pull request at
https://github.com/libwww-perl/lwp-protocol-https/pull/14
Bump PKGREVISION.
| -rw-r--r-- | www/p5-LWP-Protocol-https/Makefile | 3 | ||||
| -rw-r--r-- | www/p5-LWP-Protocol-https/distinfo | 4 | ||||
| -rw-r--r-- | www/p5-LWP-Protocol-https/patches/patch-lib_LWP_Protocol_https.pm | 20 | ||||
| -rw-r--r-- | www/p5-LWP-Protocol-https/patches/patch-t_https__proxy.t | 19 |
4 files changed, 44 insertions, 2 deletions
diff --git a/www/p5-LWP-Protocol-https/Makefile b/www/p5-LWP-Protocol-https/Makefile index 93ef75bc912..0a8bc68c51a 100644 --- a/www/p5-LWP-Protocol-https/Makefile +++ b/www/p5-LWP-Protocol-https/Makefile @@ -1,7 +1,8 @@ -# $NetBSD: Makefile,v 1.12 2014/05/15 10:13:15 wiz Exp $ +# $NetBSD: Makefile,v 1.13 2014/05/15 10:17:38 wiz Exp $ DISTNAME= LWP-Protocol-https-6.06 PKGNAME= p5-${DISTNAME} +PKGREVISION= 1 CATEGORIES= www perl5 MASTER_SITES= ${MASTER_SITE_PERL_CPAN:=../../authors/id/M/MS/MSCHILLI/} diff --git a/www/p5-LWP-Protocol-https/distinfo b/www/p5-LWP-Protocol-https/distinfo index 0c173357cca..b7b5732b0c2 100644 --- a/www/p5-LWP-Protocol-https/distinfo +++ b/www/p5-LWP-Protocol-https/distinfo @@ -1,5 +1,7 @@ -$NetBSD: distinfo,v 1.4 2014/05/15 10:13:15 wiz Exp $ +$NetBSD: distinfo,v 1.5 2014/05/15 10:17:38 wiz Exp $ SHA1 (LWP-Protocol-https-6.06.tar.gz) = 210a2f7ba3f82ffc7a18836d0a4356986080d407 RMD160 (LWP-Protocol-https-6.06.tar.gz) = faefe1526b6a04be2deac8c6f96a9d6cf2d4a647 Size (LWP-Protocol-https-6.06.tar.gz) = 8376 bytes +SHA1 (patch-lib_LWP_Protocol_https.pm) = b4129bf47059955b8527761c81674ee44318f8a0 +SHA1 (patch-t_https__proxy.t) = 0653e29cdbe683329ccfa065d527a2e37bd3fde7 diff --git a/www/p5-LWP-Protocol-https/patches/patch-lib_LWP_Protocol_https.pm b/www/p5-LWP-Protocol-https/patches/patch-lib_LWP_Protocol_https.pm new file mode 100644 index 00000000000..e31e5da1c47 --- /dev/null +++ b/www/p5-LWP-Protocol-https/patches/patch-lib_LWP_Protocol_https.pm @@ -0,0 +1,20 @@ +$NetBSD: patch-lib_LWP_Protocol_https.pm,v 1.1 2014/05/15 10:17:38 wiz Exp $ + +Fix for CVE-2014-3230 from +https://github.com/libwww-perl/lwp-protocol-https/pull/14 + +--- lib/LWP/Protocol/https.pm.orig 2014-04-18 16:33:26.000000000 +0000 ++++ lib/LWP/Protocol/https.pm +@@ -21,7 +21,11 @@ sub _extra_sock_opts + $ssl_opts{SSL_verifycn_scheme} = 'www'; + } + else { +- $ssl_opts{SSL_verify_mode} = 0; ++ if ( $Net::HTTPS::SSL_SOCKET_CLASS eq 'Net::SSL' ) { ++ $ssl_opts{SSL_verifycn_scheme} = ''; ++ } else { ++ $ssl_opts{SSL_verifycn_scheme} = 'none'; ++ } + } + if ($ssl_opts{SSL_verify_mode}) { + unless (exists $ssl_opts{SSL_ca_file} || exists $ssl_opts{SSL_ca_path}) { diff --git a/www/p5-LWP-Protocol-https/patches/patch-t_https__proxy.t b/www/p5-LWP-Protocol-https/patches/patch-t_https__proxy.t new file mode 100644 index 00000000000..3d1a0e6c6b6 --- /dev/null +++ b/www/p5-LWP-Protocol-https/patches/patch-t_https__proxy.t @@ -0,0 +1,19 @@ +$NetBSD: patch-t_https__proxy.t,v 1.1 2014/05/15 10:17:38 wiz Exp $ + +Fix for CVE-2014-3230 from +https://github.com/libwww-perl/lwp-protocol-https/pull/14 + +--- t/https_proxy.t.orig 2014-04-18 16:21:26.000000000 +0000 ++++ t/https_proxy.t +@@ -66,7 +66,10 @@ my %ua; + $ua{noproxy} = LWP::UserAgent->new( + keep_alive => 10, # size of connection cache + # server does not know the expected name and returns generic certificate +- ssl_opts => { verify_hostname => 0 } ++ ssl_opts => { ++ verify_hostname => 0, ++ SSL_ca_file => $cafile, ++ } + ); + + $ua{proxy} = LWP::UserAgent->new( |