From 767347bb6621a27c718873ac8a1c92b6eacaa40f Mon Sep 17 00:00:00 2001
From: tron
Date: Wed, 28 May 2014 19:45:34 +0000
Subject: Pullup ticket #4423 - requested by taca www/p5-LWP-Protocol-https: security patch Apply patch to fix CVE-2014-3230.
---
 www/p5-LWP-Protocol-https/Makefile | 3 ++-
 www/p5-LWP-Protocol-https/distinfo | 3 ++-
 .../patches/patch-lib_LWP_Protocol_https.pm | 20 ++++++++++++++++++++
 3 files changed, 24 insertions(+), 2 deletions(-)
 create mode 100644 www/p5-LWP-Protocol-https/patches/patch-lib_LWP_Protocol_https.pm
diff --git a/www/p5-LWP-Protocol-https/Makefile b/www/p5-LWP-Protocol-https/Makefile
index 7c1c5f19b2c..5db22a98abc 100644
--- a/www/p5-LWP-Protocol-https/Makefile
+++ b/www/p5-LWP-Protocol-https/Makefile
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.11 2013/07/10 02:51:56 schmonz Exp $
+# $NetBSD: Makefile,v 1.11.6.1 2014/05/28 19:45:34 tron Exp $
 DISTNAME= LWP-Protocol-https-6.04
 PKGNAME= p5-${DISTNAME}
+PKGREVISION= 1
 CATEGORIES= www perl5
 MASTER_SITES= ${MASTER_SITE_PERL_CPAN:=LWP/}
diff --git a/www/p5-LWP-Protocol-https/distinfo b/www/p5-LWP-Protocol-https/distinfo
index 545660b0b29..7a189a79d28 100644
--- a/www/p5-LWP-Protocol-https/distinfo
+++ b/www/p5-LWP-Protocol-https/distinfo
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.3 2013/07/10 02:51:56 schmonz Exp $
+$NetBSD: distinfo,v 1.3.6.1 2014/05/28 19:45:34 tron Exp $
 SHA1 (LWP-Protocol-https-6.04.tar.gz) = 5a63cb409ff4ba34006d5a45120e7facc52dc837
 RMD160 (LWP-Protocol-https-6.04.tar.gz) = cc430e930aa607c1436b2be94d171c1192f64f3f
 Size (LWP-Protocol-https-6.04.tar.gz) = 4035 bytes
+SHA1 (patch-lib_LWP_Protocol_https.pm) = 790507e4e14a1d8cf679f1089cea8fa457bb559d
diff --git a/www/p5-LWP-Protocol-https/patches/patch-lib_LWP_Protocol_https.pm b/www/p5-LWP-Protocol-https/patches/patch-lib_LWP_Protocol_https.pm
new file mode 100644
index 00000000000..f378ebbd102
--- /dev/null
+++ b/www/p5-LWP-Protocol-https/patches/patch-lib_LWP_Protocol_https.pm
@@ -0,0 +1,20 @@
+$NetBSD: patch-lib_LWP_Protocol_https.pm,v 1.1.2.2 2014/05/28 19:45:34 tron Exp $
+
+Fix for CVE-2014-3230 from
+https://github.com/libwww-perl/lwp-protocol-https/pull/14
+
+--- lib/LWP/Protocol/https.pm.orig 2013-04-29 21:16:18.000000000 +0000
++++ lib/LWP/Protocol/https.pm
+@@ -20,7 +20,11 @@ sub _extra_sock_opts
+ $ssl_opts{SSL_verifycn_scheme} = 'www';
+ }
+ else {
+- $ssl_opts{SSL_verify_mode} = 0;
++ if ( $Net::HTTPS::SSL_SOCKET_CLASS eq 'Net::SSL' ) {
++ $ssl_opts{SSL_verifycn_scheme} = '';
++ } else {
++ $ssl_opts{SSL_verifycn_scheme} = 'none';
++ }
+ }
+ if ($ssl_opts{SSL_verify_mode}) {
+ unless (exists $ssl_opts{SSL_ca_file} || exists $ssl_opts{SSL_ca_path}) {
--
cgit v1.2.3
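Review bot: The rewritten `else` branch of `_extra_sock_opts` no longer assigns `SSL_verify_mode` at all, so when the caller has not set it, the `if ($ssl_opts{SSL_verify_mode})` block that follows is skipped. Whether the certificate chain is checked then presumably depends on the socket class's own default, which this hunk does not show. That may well be intended, since the fix is about turning off only the name check, but the code should say so, for example `# hostname check off only; chain verification stays governed by SSL_verify_mode (CVE-2014-3230)` above the inner `if`. The two scheme values (`''` for `Net::SSL`, `'none'` otherwise) also need a one-line why-comment, because nothing visible explains the difference. The body of `_extra_sock_opts` begins and ends outside the hunk, so the handling of a caller-supplied `SSL_verify_mode` cannot be confirmed from here.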