6 changed files with 76 additions and 102 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/CPAN-2.29.tar.gz
+SOURCES/CPAN-2.36.tar.gz
--- a/.perl-CPAN.metadata
+++ b/.perl-CPAN.metadata
@ -1 +1 @@
-de996cc835df14685145bb52fea041d53ba59497 SOURCES/CPAN-2.29.tar.gz
+cb072466d57fec20488c0b860099733cca48e17e SOURCES/CPAN-2.36.tar.gz
--- a/SOURCES/CPAN-2.32-s-dev-null-devnull.patch
+++ b/SOURCES/CPAN-2.32-s-dev-null-devnull.patch
@ -1,26 +0,0 @@
-From 89b13baf1d46e4fb10023af30ef305efec4fd603 Mon Sep 17 00:00:00 2001
-From: Andreas Koenig <andk@cpan.org>
-Date: Wed, 12 Jan 2022 21:53:35 +0100
-Subject: [PATCH 2/2] s,/dev/null,$devnull,
-
- another thanks to Tomas Hoger for spotting that
---
- lib/CPAN/Distribution.pm | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/lib/CPAN/Distribution.pm b/lib/CPAN/Distribution.pm
-index d837b8ad..6ca1b434 100644
--- a/lib/CPAN/Distribution.pm
-+++ b/lib/CPAN/Distribution.pm
-@@ -1554,7 +1554,7 @@ sub CHECKSUM_check_file {
-         my $devnull = File::Spec->devnull;
-         my $gpg = $CPAN::Config->{gpg} or
-             $CPAN::Frontend->mydie("Your configuration suggests that you do not have 'gpg' installed. This is needed to verify checksums with the config variable 'check_sigs' on. Please configure it with 'o conf init gpg'");
-        my $system = qq{"$gpg" --verify --batch --no-tty --output "$tempfile" "$chk_file" 2> "/dev/null"};
-+        my $system = qq{"$gpg" --verify --batch --no-tty --output "$tempfile" "$chk_file" 2> "$devnull"};
-         0 == system $system or $CPAN::Frontend->mydie("gpg run was failing, cannot continue: $system");
-         open $fh, $tempfile or $CPAN::Frontend->mydie("Could not open $tempfile: $!");
-         local $/;
-- 
-2.34.1
-
--- a/SOURCES/CPAN-2.32-s-gpg-gpg-in-system-add-quotes-where-needed.patch
+++ b/SOURCES/CPAN-2.32-s-gpg-gpg-in-system-add-quotes-where-needed.patch
@ -1,29 +0,0 @@
-From 7d4d5e32bcd9b75f7bf70a395938a48ca4a06d25 Mon Sep 17 00:00:00 2001
-From: Andreas Koenig <andk@cpan.org>
-Date: Mon, 10 Jan 2022 21:47:30 +0100
-Subject: [PATCH 1/2] s/gpg/$gpg/ in system, add quotes where needed
-
- thanks to Tomas Hoger for spotting the missing sigil
---
- lib/CPAN/Distribution.pm | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/lib/CPAN/Distribution.pm b/lib/CPAN/Distribution.pm
-index b262b6f6..d837b8ad 100644
--- a/lib/CPAN/Distribution.pm
-+++ b/lib/CPAN/Distribution.pm
-@@ -1551,9 +1551,10 @@ sub CHECKSUM_check_file {
-         }
-         my $tempfile = File::Spec->catfile($tempdir, "CHECKSUMS.$$");
-         unlink $tempfile; # ignore missing file
-+        my $devnull = File::Spec->devnull;
-         my $gpg = $CPAN::Config->{gpg} or
-             $CPAN::Frontend->mydie("Your configuration suggests that you do not have 'gpg' installed. This is needed to verify checksums with the config variable 'check_sigs' on. Please configure it with 'o conf init gpg'");
-        my $system = "gpg --verify --batch --no-tty --output $tempfile $chk_file 2> /dev/null";
-+        my $system = qq{"$gpg" --verify --batch --no-tty --output "$tempfile" "$chk_file" 2> "/dev/null"};
-         0 == system $system or $CPAN::Frontend->mydie("gpg run was failing, cannot continue: $system");
-         open $fh, $tempfile or $CPAN::Frontend->mydie("Could not open $tempfile: $!");
-         local $/;
-- 
-2.34.1
-
--- a/SOURCES/CPAN-2.35-Add-verify-SSL.patch
+++ b/SOURCES/CPAN-2.35-Add-verify-SSL.patch
@ -1,13 +0,0 @@
-Add verify_SSL=>1 to HTTP::Tiny to verify https server identity (Stig Palmquist)
-
-diff -u -r CPAN-2.29.orig/lib/CPAN/HTTP/Client.pm CPAN-2.29/lib/CPAN/HTTP/Client.pm
--- CPAN-2.29.orig/lib/CPAN/HTTP/Client.pm	2023-08-01 16:19:19.216625710 +0200
-+++ CPAN-2.29/lib/CPAN/HTTP/Client.pm	2023-08-01 16:28:29.323221118 +0200
-@@ -32,6 +32,7 @@
- 
-     my $want_proxy = $self->_want_proxy($uri);
-     my $http = HTTP::Tiny->new(
-+        verify_SSL => 1,
-         $want_proxy ? (proxy => $self->{proxy}) : ()
-     );
- 
--- a/SPECS/perl-CPAN.spec
+++ b/SPECS/perl-CPAN.spec
@ -9,21 +9,16 @@
 %endif

 Name:           perl-CPAN
-Version:        2.29
-Release:        3%{?dist}
+Version:        2.36
+Release:        511%{?dist}
 Summary:        Query, download and build perl modules from CPAN sites
-License:        GPL+ or Artistic
+License:        GPL-1.0-or-later OR Artistic-1.0-Perl
 URL:            https://metacpan.org/release/CPAN
 Source0:        https://cpan.metacpan.org/authors/id/A/AN/ANDK/CPAN-%{version}.tar.gz
 # Create site paths for the first time, bug #1158873, CPAN RT#99905
 Patch0:         CPAN-2.18-Attemp-to-create-site-library-directories-on-first-t.patch
 # Change configuration directory name
 Patch1:         CPAN-2.18-Replace-configuration-directory-string-with-a-marke.patch
-# Some syntax fixes
-Patch2:         CPAN-2.32-s-gpg-gpg-in-system-add-quotes-where-needed.patch
-Patch3:         CPAN-2.32-s-dev-null-devnull.patch
-# CVE-2023-31484 - Add verify_SSL => 1
-Patch4:         CPAN-2.35-Add-verify-SSL.patch
 BuildArch:      noarch
 BuildRequires:  coreutils
 BuildRequires:  findutils
@ -120,6 +115,7 @@ BuildRequires:  perl(Module::Build)
 # Tests:
 BuildRequires:  perl(blib)
 # CPAN::Checksums not used
+BuildRequires:  perl(File::Which)
 BuildRequires:  perl(FindBin)
 BuildRequires:  perl(Pod::Usage)
 BuildRequires:  perl(Test::More)
@ -159,7 +155,6 @@ BuildRequires:  perl(YAML) >= 0.60
 %endif

 Requires:       make
-Requires:       perl(:MODULE_COMPAT_%(eval "`perl -V:version`"; echo $version))
 # Some subpackages modules are not dual-lived. E.g. "open". If a distribution
 # on CPAN declares a dependency on such a module, CPAN client will fail
 # because the only provider is perl distribution.
@ -211,9 +206,8 @@ Requires:       perl(Digest::MD5)
 Requires:       perl(Digest::SHA)
 Requires:       perl(Dumpvalue)
 Requires:       perl(ExtUtils::CBuilder)
+# Optional for signature verification CVE-2020-16156
 %if ! %{defined perl_bootstrap}
-Requires:       perl(IO::Socket::SSL) >= 1.56
-Requires:       perl(Net::SSLeay) >= 1.49
 Requires:       perl(Module::Signature)
 %endif
 %if ! %{defined perl_bootstrap}
@ -262,11 +256,8 @@ with "%{_libexecdir}/%{name}/test".

 %prep
 %setup -q -n CPAN-%{version}
-%patch0 -p1
-%patch1 -p1
-%patch2 -p1
-%patch3 -p1
-%patch4 -p1
+%patch -P0 -p1
+%patch -P1 -p1
 # Change configuration name
 find -type f -exec perl -i -pe 's/XCPANCONFIGNAMEX/cpan/g' {} \;
 # Remove bundled modules
@ -327,31 +318,82 @@ make test

 %files
 %doc Changes PAUSE*.pub README Todo
-%{_bindir}/*
-%{perl_vendorlib}/*
-%{_mandir}/man1/*
-%{_mandir}/man3/*
+%{_bindir}/cpan*
+%{perl_vendorlib}/App*
+%{perl_vendorlib}/CPAN*
+%{_mandir}/man1/cpan*
+%{_mandir}/man3/App*
+%{_mandir}/man3/CPAN*

 %files tests
 %{_libexecdir}/%{name}

 %changelog
-* Tue Aug 01 2023 Michal Josef Špaček <mspacek@redhat.com> - 2.29-3
- Resolves: rhbz#2218907 - Fix CVE-2023-31484
+* Fri Aug 09 2024 Jitka Plesnikova <jplesnik@redhat.com> - 2.36-511
+- Perl 5.40 re-rebuild of bootstrapped packages

-* Wed Feb 16 2022 Jitka Plesnikova <jplesnik@redhat.com> - 2.29-2
- Resolves: rhbz#2037211 - Enable gating
+* Thu Jul 18 2024 Jitka Plesnikova <jplesnik@redhat.com> - 2.36-510
+- Increase release to favour standalone package
+
+* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 2.36-504
+- Bump release for June 2024 mass rebuild
+
+* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.36-503
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.36-502
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.36-501
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Wed Jul 12 2023 Jitka Plesnikova <jplesnik@redhat.com> - 2.36-500
+- Perl 5.38 re-rebuild of bootstrapped packages
+
+* Tue Jul 11 2023 Jitka Plesnikova <jplesnik@redhat.com> - 2.36-499
+- Increase release to favour standalone package
+
+* Mon May 15 2023 Jitka Plesnikova <jplesnik@redhat.com> - 2.36-1
+- 2.36 bump
+
+* Tue May 02 2023 Jitka Plesnikova <jplesnik@redhat.com> - 2.35-1
+- 2.35 bump

-* Mon Feb 07 2022 Jitka Plesnikova <jplesnik@redhat.com> - 2.29-1
- 2.29 bump; Package tests
- Resolves: rhbz#2037211
+* Fri Jan 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.34-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild

-* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.28-8
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
-  Related: rhbz#1991688
+* Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.34-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild

-* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.28-7
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+* Fri Jun 03 2022 Jitka Plesnikova <jplesnik@redhat.com> - 2.34-3
+- Perl 5.36 re-rebuild of bootstrapped packages
+
+* Mon May 30 2022 Jitka Plesnikova <jplesnik@redhat.com> - 2.34-2
+- Perl 5.36 rebuild
+
+* Wed Apr 20 2022 Jitka Plesnikova <jplesnik@redhat.com> - 2.34-1
+- 2.34 bump
+
+* Mon Apr 04 2022 Jitka Plesnikova <jplesnik@redhat.com> - 2.33-1
+- 2.33 bump
+
+* Wed Feb 09 2022 Jitka Plesnikova <jplesnik@redhat.com> - 2.29-3
+- Package tests
+
+* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.29-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Thu Dec 16 2021 Jitka Plesnikova <jplesnik@redhat.com> - 2.29-1
+- 2.29 bump
+
+* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.28-479
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Mon May 24 2021 Jitka Plesnikova <jplesnik@redhat.com> - 2.28-478
+- Perl 5.34 re-rebuild of bootstrapped packages
+
+* Fri May 21 2021 Jitka Plesnikova <jplesnik@redhat.com> - 2.28-477
+- Increase release to favour standalone package

 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.28-6
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild