author | schmonz <schmonz@pkgsrc.org> | 2014-09-17 22:46:17 +0000 |
---|---|---|
committer | schmonz <schmonz@pkgsrc.org> | 2014-09-17 22:46:17 +0000 |
commit | 6d1b516cd0cab528514fbc8e268ea7256baa9389 (patch) | |
tree | 59c979af96d21854310ae87d52a4456cfe26068b | |
parent | b1b6005e22755b7f87f01e8290f0849e4448d4ba (diff) | |
download | pkgsrc-6d1b516cd0cab528514fbc8e268ea7256baa9389.tar.gz |
Apply patches from upstream git and Debian to fix reading long
documents over IO::Socket::SSL, then stop forcing Net::SSL (which
doesn't verify hostnames) even when the admin requested IO::Socket::SSL,
and then pass the server name through so SNI can work. Bump PKGREVISION.
Updating during the freeze for the security improvements.
5 files changed, 83 insertions, 2 deletions
diff --git a/www/p5-LWPx-ParanoidAgent/Makefile b/www/p5-LWPx-ParanoidAgent/Makefile index fdef66df1a2..25f1b685021 100644 --- a/www/p5-LWPx-ParanoidAgent/Makefile +++ b/www/p5-LWPx-ParanoidAgent/Makefile @@ -1,8 +1,9 @@ -# $NetBSD: Makefile,v 1.12 2014/06/09 20:08:15 schmonz Exp $ +# $NetBSD: Makefile,v 1.13 2014/09/17 22:46:17 schmonz Exp $ # DISTNAME= LWPx-ParanoidAgent-1.10 PKGNAME= p5-${DISTNAME} +PKGREVISION= 1 CATEGORIES= www perl5 MASTER_SITES= ${MASTER_SITE_PERL_CPAN:=LWPx/} @@ -17,5 +18,8 @@ DEPENDS+= p5-Net-DNS-[0-9]*:../../net/p5-Net-DNS PERL5_PACKLIST= auto/LWPx/ParanoidAgent/.packlist USE_LANGUAGES= # none +pre-configure: + find ${WRKSRC} -type f -name '*.orig' -print | xargs rm -f + .include "../../lang/perl5/module.mk" .include "../../mk/bsd.pkg.mk" diff --git a/www/p5-LWPx-ParanoidAgent/distinfo b/www/p5-LWPx-ParanoidAgent/distinfo index 2f9ef237786..980bad955f8 100644 --- a/www/p5-LWPx-ParanoidAgent/distinfo +++ b/www/p5-LWPx-ParanoidAgent/distinfo @@ -1,5 +1,8 @@ -$NetBSD: distinfo,v 1.4 2014/06/09 20:08:15 schmonz Exp $ +$NetBSD: distinfo,v 1.5 2014/09/17 22:46:17 schmonz Exp $ SHA1 (LWPx-ParanoidAgent-1.10.tar.gz) = c8090a2aae57c4044f0e829d13f9ddde81c7495f RMD160 (LWPx-ParanoidAgent-1.10.tar.gz) = 0c708d534edb171bf8dc22d8e5f8c800780a42b6 Size (LWPx-ParanoidAgent-1.10.tar.gz) = 17665 bytes +SHA1 (patch-Makefile.PL) = 6e032f115ad044d912b290b482c0643baf35cef1 +SHA1 (patch-lib_LWPx_ParanoidAgent.pm) = d0ca05cce2c3bc208b49179442cb8107a16df2d4 +SHA1 (patch-lib_LWPx_Protocol_http__paranoid.pm) = e22c9066565f84133134133f69c1ebb94b986b2e diff --git a/www/p5-LWPx-ParanoidAgent/patches/patch-Makefile.PL b/www/p5-LWPx-ParanoidAgent/patches/patch-Makefile.PL new file mode 100644 index 00000000000..44dc0eeafff --- /dev/null +++ b/www/p5-LWPx-ParanoidAgent/patches/patch-Makefile.PL 
@@ -0,0 +1,17 @@
+$NetBSD: patch-Makefile.PL,v 1.1 2014/09/17 22:46:17 schmonz Exp $
+
+From upstream git commit 815c691, allow PERL_NET_HTTPS_SSL_SOCKET_CLASS
+to control which SSL module gets used, rather than forcibly using
+Net::SSL (which doesn't verify hostnames) no matter how the environment
+variable is set.
+
+--- Makefile.PL.orig 2013-11-04 19:30:07.000000000 +0000
++++ Makefile.PL
+@@ -6,7 +6,6 @@ WriteMakefile(
+ 'LWP::UserAgent' => 0,
+ 'Net::DNS' => 0,
+ 'Time::HiRes' => 0,
+- 'Net::SSL' => '2.85'
+ },
+ 'META_MERGE' => {
+ "resources" => {
diff --git a/www/p5-LWPx-ParanoidAgent/patches/patch-lib_LWPx_ParanoidAgent.pm b/www/p5-LWPx-ParanoidAgent/patches/patch-lib_LWPx_ParanoidAgent.pm
new file mode 100644
index 00000000000..273b69afa3f
--- /dev/null
+++ b/www/p5-LWPx-ParanoidAgent/patches/patch-lib_LWPx_ParanoidAgent.pm
@@ -0,0 +1,20 @@
+$NetBSD: patch-lib_LWPx_ParanoidAgent.pm,v 1.1 2014/09/17 22:46:17 schmonz Exp $
+
+From upstream git commit 815c691, allow PERL_NET_HTTPS_SSL_SOCKET_CLASS
+to control which SSL module gets used, rather than forcibly using
+Net::SSL (which doesn't verify hostnames) no matter how the environment
+variable is set.
+
+--- lib/LWPx/ParanoidAgent.pm.orig 2013-11-11 15:45:04.000000000 +0000
++++ lib/LWPx/ParanoidAgent.pm
+@@ -12,10 +12,6 @@ use HTTP::Status ();
+ use strict;
+ use Net::DNS;
+ use LWP::Debug ();
+-require Net::SSL;
+-
+-# fixes https://github.com/csirtgadgets/LWPx-ParanoidAgent/issues/4
+-$Net::HTTPS::SSL_SOCKET_CLASS = 'Net::SSL';
+
+ sub new {
+ my $class = shift;
diff --git a/www/p5-LWPx-ParanoidAgent/patches/patch-lib_LWPx_Protocol_http__paranoid.pm b/www/p5-LWPx-ParanoidAgent/patches/patch-lib_LWPx_Protocol_http__paranoid.pm
new file mode 100644
index 00000000000..79b6c7a8c9c
--- /dev/null
+++ b/www/p5-LWPx-ParanoidAgent/patches/patch-lib_LWPx_Protocol_http__paranoid.pm
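Review bot: Nothing visible in this commit declares which TLS module must be installed once patch-lib_LWPx_ParanoidAgent.pm removes `require Net::SSL;` and the forced `$Net::HTTPS::SSL_SOCKET_CLASS`, and patch-Makefile.PL drops the `'Net::SSL' => '2.85'` prerequisite. The package Makefile hunks shown add no `DEPENDS+=` for IO::Socket::SSL, so unless one exists in the lines outside those hunks, a host that only has Net::SSL would presumably still end up on the class the commit message describes as not verifying hostnames. Consider adding a line such as `DEPENDS+= p5-IO-Socket-SSL-[0-9]*:<pkgsrc path of IO::Socket::SSL>` (placeholder path) and saying in the patch comment that hostname verification depends on the socket class actually selected at run time.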
@@ -0,0 +1,37 @@
+$NetBSD: patch-lib_LWPx_Protocol_http__paranoid.pm,v 1.1 2014/09/17 22:46:17 schmonz Exp $
+
+From upstream git commit a92ed8f, fix usage of IO::Socket::SSL when
+reading long documents. From df6df19 and a patch from Chapman Flack,
+specify server name for Server Name Indication.
+
+--- lib/LWPx/Protocol/http_paranoid.pm.orig 2013-11-04 19:30:07.000000000 +0000
++++ lib/LWPx/Protocol/http_paranoid.pm
+@@ -10,6 +10,8 @@ require HTTP::Response;
+ require HTTP::Status;
+ require Net::HTTP;
+
++use Errno qw(EAGAIN);
++
+ use vars qw(@ISA $TOO_LATE $TIME_REMAIN);
+
+ require LWP::Protocol;
+@@ -65,6 +67,8 @@ sub _new_socket
+ (time() - $request->{_timebegin}) :
+ $timeout;
+ $sock = $self->socket_class->new(PeerAddr => $addr,
++ PeerHost => $host,
++ SSL_hostname => $host,
+ PeerPort => $port,
+ Proto => 'tcp',
+ Timeout => $conn_timeout,
+@@ -360,8 +364,9 @@ sub request
+ {
+ _set_time_remain();
+ $n = $socket->read_entity_body($buf, $size);
+- die "Can't read entity body: $!" unless defined $n;
+ redo READ if $n == -1;
++ redo READ if not defined $n and $! == EAGAIN;
++ die "Can't read entity body: $!" unless defined $n;
+ }
+ $complete++ if !$n;
+ return \$buf; |
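Review bot: Passing `PeerHost => $host` next to `PeerAddr => $addr` in the `_new_socket` hunk may undo the point of connecting to a pre-resolved address. The IO::Socket classes treat PeerHost and PeerAddr as synonyms, and which one wins when both are given depends on the base socket class; where PeerHost takes precedence, the connection goes to `$host` as resolved again by the system resolver, not to the `$addr` this module presumably vetted. SNI and certificate name checking can be given the name without touching the connect target: keep `SSL_hostname => $host,`, add `SSL_verifycn_name => $host,`, and drop the `PeerHost` line. In the `request` hunk, `redo READ if $n == -1;` now runs before any `defined $n` test, so an undefined `$n` is compared numerically first; moving the EAGAIN line above it avoids that. Both enclosing subs continue outside the hunks.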