Hello community,
here is the log from the commit of package perl-Email-Address.3058 for
openSUSE:12.3:Update checked in at 2014-10-28 15:57:45
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.3:Update/perl-Email-Address.3058 (Old)
and /work/SRC/openSUSE:12.3:Update/.perl-Email-Address.3058.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "perl-Email-Address.3058"
Changes:
--------
New Changes file:
--- /dev/null 2014-10-24 22:03:51.036034256 +0200
+++
/work/SRC/openSUSE:12.3:Update/.perl-Email-Address.3058.new/perl-Email-Address.changes
2014-10-28 15:57:47.000000000 +0100
@@ -0,0 +1,46 @@
+-------------------------------------------------------------------
+Mon Oct 6 20:31:50 UTC 2014 - [email protected]
+
+- bnc883225.patch: fix potential denial of service vulneraiblity
+ (CVE-2014-0477)(bnc#883225)
+
+-------------------------------------------------------------------
+Sun Nov 13 06:46:10 UTC 2011 - [email protected]
+
+- use original tar
+
+-------------------------------------------------------------------
+Tue Nov 30 19:20:11 UTC 2010 - [email protected]
+
+- switch to perl_requires macro
+
+-------------------------------------------------------------------
+Wed Nov 24 17:13:04 UTC 2010 - [email protected]
+
+- update to 1.892
+ o revert all behavior to 1.889
+- 1.891 2010-08-30
+ o rework domainless address feature to work on perl5.8 (Alex Vandiver)
+- 1.890 2010-08-22
+ o allow domainless addresses (if requested) (thanks, Alex Vandiver)
+- created by cpanspec 1.78
+ o fix deps
+- noarch pkg
+
+-------------------------------------------------------------------
+Sat Dec 26 18:40:00 UTC 2009 - [email protected]
+
+- added URL
+
+-------------------------------------------------------------------
+Tue Nov 24 19:37:41 CET 2009 - [email protected]
+
+- Upgrade to latest version 1.889
+- Add build requirements (Test::Pod, Test::Pod::Coverage) to allow all
+ tests to run
+
+-------------------------------------------------------------------
+Fri Sep 14 00:00:00 CET 2007 - James Oakley <[email protected]> - 1.888-1
+
+- Initial release
+
New:
----
Email-Address-1.892.tar.gz
bnc883225.patch
perl-Email-Address.changes
perl-Email-Address.spec
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ perl-Email-Address.spec ++++++
#
# spec file for package perl-Email-Address
#
# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# Build conditional "pod": off by default, so the Test::Pod build
# requirements further down are only pulled in for a build run --with pod.
%bcond_with pod
Name: perl-Email-Address
%define cpan_name Email-Address
Summary: RFC 2822 Address Parsing and Creation
License: GPL-1.0+ or Artistic-1.0
Group: Development/Libraries/Perl
Version: 1.892
Release: 0
Url: http://search.cpan.org/dist/Email-Address/
# NOTE(review): the upstream tarball is referenced over plain http and this
# spec records no checksum or signature for it; integrity presumably rests
# on the stored copy in the package sources - confirm.
Source:
http://www.cpan.org/authors/id/R/RJ/RJBS/Email-Address-1.892.tar.gz
# PATCH-FIX-OPENSUSE bnc883225.patch bnc#883225
# Security fix for CVE-2014-0477 (denial of service in Email::Address
# parsing). The patch header marks it "Upstream: No", so it has to be
# re-checked against the new source on any version update.
Patch1: bnc883225.patch
# Built as an architecture-independent package.
BuildArch: noarch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
# Runtime perl dependency comes from the perl_requires macro
# (presumably provided by perl-macros - confirm).
%{perl_requires}
BuildRequires: perl
BuildRequires: perl-macros
# Only needed for the optional POD checks (see the pod conditional above).
%if %{with pod}
BuildRequires: perl(Test::Pod) >= 1.14
BuildRequires: perl(Test::Pod::Coverage) >= 1.08
%endif
# Presumably the framework used by the suite run in the check section.
BuildRequires: perl(Test::More) >= 0.47
#
%description
This class implements a regex-based RFC 2822 parser that locates email
addresses in strings and returns a list of 'Email::Address' objects found.
Alternatley you may construct objects manually. The goal of this software
is to be correct, and very very fast.
Authors:
--------
Originally by Casey West, <[email protected]_>.
Maintained, 2006-2007, Ricardo SIGNES <[email protected]_>.
%prep
# Unpack the upstream tarball quietly into Email-Address-1.892.
%setup -q -n %{cpan_name}-%{version}
# Apply bnc883225.patch (the CVE-2014-0477 fix) with one leading path
# component stripped.
%patch1 -p1
%build
# Standard MakeMaker build; INSTALLDIRS=vendor selects the vendor Perl
# directories as the install target.
%{__perl} Makefile.PL INSTALLDIRS=vendor
%{__make} %{?_smp_mflags}
%check
# Runs the upstream test suite, including t/tests.t as modified by the
# patch, so a failing address-parsing test fails the package build.
%{__make} test
%install
# Install into the build root (macro presumably supplied by perl-macros).
%perl_make_install
### since 11.4 perl_process_packlist
### removes .packlist, perllocal.pod files
%if 0%{?suse_version} > 1130
%perl_process_packlist
%else
# do not perl_process_packlist
# remove .packlist file
# NOTE(review): this deletes the whole vendorarch tree under the build root,
# not just .packlist, and RPM_BUILD_ROOT is unquoted - confirm nothing else
# is installed there and that the variable is always set.
%{__rm} -rf $RPM_BUILD_ROOT%perl_vendorarch
# remove perllocal.pod file
%{__rm} -f $RPM_BUILD_ROOT%perl_archlib/perllocal.pod
%endif
# Presumably writes the .files list that the files section reads with -f.
%perl_gen_filelist
%clean
# NOTE(review): recursive delete of an unquoted variable; harmless only while
# rpmbuild sets RPM_BUILD_ROOT to the dedicated BuildRoot directory.
%{__rm} -rf $RPM_BUILD_ROOT
%files -f %{name}.files
# Packaged files are owned by root:root; modes are taken as installed.
%defattr(-,root,root,-)
%doc Changes LICENSE README
%changelog
++++++ bnc883225.patch ++++++
From: T.M. Abraham <[email protected]>
Date: 2014-10-07 09:17:43.907170813 -0400
Subject: Denial-of-Service in Email::Address::parse (CVE-2014-0477)
References: bnc#883225 CVE-2014-0477
Upstream: No
Email::Address::parse spends excessive time parsing an empty quoted string
---
lib/Email/Address.pm | 14 +++++++++++---
t/tests.t | 12 +++++++++++-
2 files changed, 22 insertions(+), 4 deletions(-)
--- Email-Address-1.892/lib/Email/Address.pm 2010-09-03 18:51:37.000000000
-0400
+++ Email-Address-1.892/lib/Email/Address.pm 2014-10-06 18:11:24.358889287
-0400
@@ -63,7 +63,7 @@
my $qtext = qr/[^\\"]/;
my $qcontent = qr/$qtext|$quoted_pair/;
-my $quoted_string = qr/$cfws*"$qcontent+"$cfws*/;
+my $quoted_string = qr/$cfws*"$qcontent*"$cfws*/;
my $word = qr/$atom|$quoted_string/;
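Review bot: The changed `$quoted_string` line carries no comment saying why the quantifier was relaxed, so a later maintainer could tighten it back to `+` without noticing the security impact. The patch description ties the change to slow parsing of an empty quoted string (CVE-2014-0477), and `*` also agrees with the RFC 2822 grammar, where a quoted-string may have no content. I would add above it `# qcontent may be empty (RFC 2822 quoted-string); with + an empty "" could not match here and the parser backtracked heavily, see CVE-2014-0477`.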
@@ -134,7 +134,7 @@
$addr_spec = qr/$local_part\@$domain/;
$angle_addr = qr/$cfws*<$addr_spec>$cfws*/;
-$name_addr = qr/$display_name?$angle_addr/;
+$name_addr = qr/(?>$display_name?)$angle_addr/;
$mailbox = qr/(?:$name_addr|$addr_spec)$comment*/;
sub _PHRASE () { 0 }
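Review bot: The atomic group in `$name_addr` changes matching semantics, not only speed: once `$display_name?` has matched, the engine can no longer give characters back to let `$angle_addr` succeed, so some input that matched this alternative before may now fall through to `$addr_spec` in `$mailbox`. Whether any valid name-addr form is affected depends on `$display_name`, which is defined outside this hunk, so the existing t/tests.t table is the only evidence available here. A short comment would record the intent, for example `# atomic: never retry shorter display names; bounds backtracking (CVE-2014-0477)`.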
@@ -143,6 +143,14 @@
sub _ORIGINAL () { 3 }
sub _IN_CACHE () { 4 }
+sub __dump {
+ return {
+ phrase => $_[0][_PHRASE],
+ address => $_[0][_ADDRESS],
+ comment => $_[0][_COMMENT],
+ original => $_[0][_ORIGINAL],
+ }
+}
=head2 Class Methods
=over 4
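Review bot: `__dump` is added by a security patch, but nothing in the visible hunks calls it and it has no comment or POD, so it reads as leftover debugging. If it is kept, unpack the invocant instead of indexing `$_[0]` four times, e.g. `my ($self) = @_;` followed by `phrase => $self->[_PHRASE],`, and say in a one-line comment that it is a private debugging aid that omits the `_IN_CACHE` slot. Otherwise drop it so the patch contains only the fix and is easier to audit.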
@@ -211,7 +219,7 @@
s/$comment//go if @comments;
my ($user, $host, $com);
- ($user, $host) = ($1, $2) if s/<($local_part)\@($domain)>//o;
+ ($user, $host) = ($1, $2) if s/<($local_part)\@($domain)>\s*\z//o;
if (! defined($user) || ! defined($host)) {
s/($local_part)\@($domain)//o;
($user, $host) = ($1, $2);
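Review bot: The new `\s*\z` anchor protects only the angle-bracket branch; when it does not match, the unanchored fallback `s/($local_part)\@($domain)//o` in the context lines below still takes the first address-shaped substring, which may sit inside a quoted display name. That fallback also assigns `$1`/`$2` without checking that the substitution succeeded. What `$_` holds at this point is set outside the hunk, so this is inferred from the visible lines; a test with text after the closing `>` would show which address is returned. A guarded form would be `($user, $host) = ($1, $2) if s/($local_part)\@($domain)//o;`.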
--- Email-Address-1.892/t/tests.t 2010-09-03 18:51:37.000000000 -0400
+++ Email-Address-1.892/t/tests.t 2014-10-06 18:15:38.163871932 -0400
@@ -678,7 +678,7 @@
'"<advocacy-- ATAT --p.example.org>" <advocacy-- ATAT --p.example.org>',
[
[
- 'advocacy',
+ '<advocacy-- ATAT --p.example.org>',
'advocacy-- ATAT --p.example.org',
undef
]
@@ -1618,6 +1618,16 @@
undef,
],
],
+ [
+ q{"<fake-- ATAT --bogus.biz>" <real-- ATAT --actual.mil>},
+ [
+ [
+ '<fake-- ATAT --bogus.biz>',
+ 'real-- ATAT --actual.mil',
+ undef,
+ ],
+ ],
+ ],
]
);
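Review bot: Neither test change in t/tests.t exercises the input the patch subject names, a quoted string with no content, so the denial-of-service fix itself has no regression test; both cases cover display-name handling instead. I would add a table entry whose display name is `""` and, because the failure mode is run time rather than a wrong result, wrap the parse call in a short `alarm` guard so a backtracking regression fails the suite instead of hanging it. The expected phrase for that entry should come from an actual run, not a guess. The changed expectation in the `advocacy` case also means `phrase` now returns a different value for existing input, which deserves a line in the changes entry.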