diff --git a/.gitignore b/.gitignore index 872c0e3..1bdee5f 100644 --- a/.gitignore +++ b/.gitignore @@ -8,3 +8,4 @@ /CPAN-2.27.tar.gz /CPAN-2.28.tar.gz /CPAN-2.29.tar.gz +/CPAN-2.33.tar.gz diff --git a/CPAN-2.32-s-dev-null-devnull.patch b/CPAN-2.32-s-dev-null-devnull.patch deleted file mode 100644 index 56063d8..0000000 --- a/CPAN-2.32-s-dev-null-devnull.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 89b13baf1d46e4fb10023af30ef305efec4fd603 Mon Sep 17 00:00:00 2001 -From: Andreas Koenig -Date: Wed, 12 Jan 2022 21:53:35 +0100 -Subject: [PATCH 2/2] s,/dev/null,$devnull, - -- another thanks to Tomas Hoger for spotting that ---- - lib/CPAN/Distribution.pm | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lib/CPAN/Distribution.pm b/lib/CPAN/Distribution.pm -index d837b8ad..6ca1b434 100644 ---- a/lib/CPAN/Distribution.pm -+++ b/lib/CPAN/Distribution.pm -@@ -1554,7 +1554,7 @@ sub CHECKSUM_check_file { - my $devnull = File::Spec->devnull; - my $gpg = $CPAN::Config->{gpg} or - $CPAN::Frontend->mydie("Your configuration suggests that you do not have 'gpg' installed. This is needed to verify checksums with the config variable 'check_sigs' on. Please configure it with 'o conf init gpg'"); -- my $system = qq{"$gpg" --verify --batch --no-tty --output "$tempfile" "$chk_file" 2> "/dev/null"}; -+ my $system = qq{"$gpg" --verify --batch --no-tty --output "$tempfile" "$chk_file" 2> "$devnull"}; - 0 == system $system or $CPAN::Frontend->mydie("gpg run was failing, cannot continue: $system"); - open $fh, $tempfile or $CPAN::Frontend->mydie("Could not open $tempfile: $!"); - local $/; --- -2.34.1 - diff --git a/CPAN-2.32-s-gpg-gpg-in-system-add-quotes-where-needed.patch b/CPAN-2.32-s-gpg-gpg-in-system-add-quotes-where-needed.patch deleted file mode 100644 index 56216e7..0000000 --- a/CPAN-2.32-s-gpg-gpg-in-system-add-quotes-where-needed.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 7d4d5e32bcd9b75f7bf70a395938a48ca4a06d25 Mon Sep 17 00:00:00 2001 -From: Andreas Koenig -Date: Mon, 10 Jan 2022 21:47:30 +0100 -Subject: [PATCH 1/2] s/gpg/$gpg/ in system, add quotes where needed - -- thanks to Tomas Hoger for spotting the missing sigil ---- - lib/CPAN/Distribution.pm | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/lib/CPAN/Distribution.pm b/lib/CPAN/Distribution.pm -index b262b6f6..d837b8ad 100644 ---- a/lib/CPAN/Distribution.pm -+++ b/lib/CPAN/Distribution.pm -@@ -1551,9 +1551,10 @@ sub CHECKSUM_check_file { - } - my $tempfile = File::Spec->catfile($tempdir, "CHECKSUMS.$$"); - unlink $tempfile; # ignore missing file -+ my $devnull = File::Spec->devnull; - my $gpg = $CPAN::Config->{gpg} or - $CPAN::Frontend->mydie("Your configuration suggests that you do not have 'gpg' installed. This is needed to verify checksums with the config variable 'check_sigs' on. Please configure it with 'o conf init gpg'"); -- my $system = "gpg --verify --batch --no-tty --output $tempfile $chk_file 2> /dev/null"; -+ my $system = qq{"$gpg" --verify --batch --no-tty --output "$tempfile" "$chk_file" 2> "/dev/null"}; - 0 == system $system or $CPAN::Frontend->mydie("gpg run was failing, cannot continue: $system"); - open $fh, $tempfile or $CPAN::Frontend->mydie("Could not open $tempfile: $!"); - local $/; --- -2.34.1 - diff --git a/perl-CPAN.spec b/perl-CPAN.spec index f864a0f..9829e02 100644 --- a/perl-CPAN.spec +++ b/perl-CPAN.spec @@ -9,8 +9,8 @@ %endif Name: perl-CPAN -Version: 2.29 -Release: 3%{?dist} +Version: 2.33 +Release: 1%{?dist} Summary: Query, download and build perl modules from CPAN sites License: GPL+ or Artistic URL: https://metacpan.org/release/CPAN @@ -19,9 +19,6 @@ Source0: https://cpan.metacpan.org/authors/id/A/AN/ANDK/CPAN-%{version}.t Patch0: CPAN-2.18-Attemp-to-create-site-library-directories-on-first-t.patch # Change configuration directory name Patch1: CPAN-2.18-Replace-configuration-directory-string-with-a-marke.patch -# Some syntax fixes -Patch2: CPAN-2.32-s-gpg-gpg-in-system-add-quotes-where-needed.patch -Patch3: CPAN-2.32-s-dev-null-devnull.patch BuildArch: noarch BuildRequires: coreutils BuildRequires: findutils @@ -118,6 +115,7 @@ BuildRequires: perl(Module::Build) # Tests: BuildRequires: perl(blib) # CPAN::Checksums not used +BuildRequires: perl(File::Which) BuildRequires: perl(FindBin) BuildRequires: perl(Pod::Usage) BuildRequires: perl(Test::More) @@ -209,9 +207,8 @@ Requires: perl(Digest::MD5) Requires: perl(Digest::SHA) Requires: perl(Dumpvalue) Requires: perl(ExtUtils::CBuilder) +# Optional for signature verification CVE-2020-16156 %if ! %{defined perl_bootstrap} -Requires: perl(IO::Socket::SSL) >= 1.56 -Requires: perl(Net::SSLeay) >= 1.49 Requires: perl(Module::Signature) %endif %if ! %{defined perl_bootstrap} @@ -262,8 +259,6 @@ with "%{_libexecdir}/%{name}/test". %setup -q -n CPAN-%{version} %patch0 -p1 %patch1 -p1 -%patch2 -p1 -%patch3 -p1 # Change configuration name find -type f -exec perl -i -pe 's/XCPANCONFIGNAMEX/cpan/g' {} \; # Remove bundled modules @@ -333,6 +328,9 @@ make test %{_libexecdir}/%{name} %changelog +* Mon Apr 04 2022 Jitka Plesnikova - 2.33-1 +- 2.33 bump + * Wed Feb 09 2022 Jitka Plesnikova - 2.29-3 - Package tests diff --git a/sources b/sources index 0aeb189..29b6077 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (CPAN-2.29.tar.gz) = ef25f4575e41d11064e516739af95808d5d425fefb2693db1f91733e6d3064650273712325a0b862e8d88105c79d323e1f6f14430608effe0f2a04534d7213a1 +SHA512 (CPAN-2.33.tar.gz) = c86a4a5a0bf055fa6efc1f1fa2a96795d44711e3fe18668aaea6a769422a9430737f5ed843f320bdd7f58de8f5b203d1b265fc0963713d6a8d26e49c868ffd28