Add patches for CVE-2024-45321, add curl to depends (!1) · Merge requests · Arch Linux / Packaging / Packages / cpanminus · GitLab

Due to an influx of spam, we have had to temporarily disable account registrations. Please write an email to accountsupport@archlinux.org, with your desired username, if you want to get access. Sorry for the inconvenience.

Stig P requested to merge stigtsp/cpanminus:patch-CVE-2024-45321 into main Oct 02, 2024

Replace insecure http:// endpoints with https://. A patch file is not convenient as cpanminus is distributed as a fatpacked executable.
Disable LWP::UserAgent as well, since it will fail if LWP::Protocol::https is not installed.
Add dependency on curl, since cpanminus will fail over to it after LWP is disabled.