Hello community,
here is the log from the commit of package perl-Apache-AuthCookie for
openSUSE:Factory checked in at 2020-03-24 22:37:42
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/perl-Apache-AuthCookie (Old)
and /work/SRC/openSUSE:Factory/.perl-Apache-AuthCookie.new.3160 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "perl-Apache-AuthCookie"
Tue Mar 24 22:37:42 2020 rev:28 rq:787930 version:3.29
Changes:
--------
---
/work/SRC/openSUSE:Factory/perl-Apache-AuthCookie/perl-Apache-AuthCookie.changes
2019-11-20 12:38:07.229790367 +0100
+++
/work/SRC/openSUSE:Factory/.perl-Apache-AuthCookie.new.3160/perl-Apache-AuthCookie.changes
2020-03-24 22:39:10.629288710 +0100
@@ -1,0 +2,17 @@
+Mon Mar 23 03:07:11 UTC 2020 - <[email protected]>
+
+- updated to 3.29
+ see /usr/share/doc/packages/perl-Apache-AuthCookie/Changes
+
+ 3.29 2020-03-22
+ - Add optional support for enforcing a local destination, like so:
+
+ PerlSetVar MyAuthEnforceLocalDestination 1
+
+ - Add optional support for specifying a default destination when the login
+ form's destination argument is unspecified or invalid (including
+ non-local if local destinations are enforced), like this:
+
+ PerlSetVar MyAuthDefaultDestination /protected/user/
+
+-------------------------------------------------------------------
Old:
----
Apache-AuthCookie-3.28.tar.gz
New:
----
Apache-AuthCookie-3.29.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ perl-Apache-AuthCookie.spec ++++++
--- /var/tmp/diff_new_pack.yNDLgD/_old 2020-03-24 22:39:11.261289017 +0100
+++ /var/tmp/diff_new_pack.yNDLgD/_new 2020-03-24 22:39:11.265289019 +0100
@@ -1,7 +1,7 @@
#
# spec file for package perl-Apache-AuthCookie
#
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
Name: perl-Apache-AuthCookie
-Version: 3.28
+Version: 3.29
Release: 0
%define cpan_name Apache-AuthCookie
Summary: Perl Authentication and Authorization via cookies
@@ -35,12 +35,14 @@
BuildRequires: perl(HTTP::Body)
BuildRequires: perl(Hash::MultiValue)
BuildRequires: perl(Test::More) >= 0.94
+BuildRequires: perl(URI) >= 1.36
BuildRequires: perl(URI::Escape) >= 1.31
BuildRequires: perl(WWW::Form::UrlEncoded)
Requires: perl(Class::Load) >= 0.03
Requires: perl(HTTP::Body)
Requires: perl(Hash::MultiValue)
Requires: perl(Test::More) >= 0.94
+Requires: perl(URI) >= 1.36
Requires: perl(WWW::Form::UrlEncoded)
Recommends: perl(WWW::Form::UrlEncoded::XS)
%{perl_requires}
@@ -205,7 +207,7 @@
%prep
%setup -q -n %{cpan_name}-%{version}
-find . -type f ! -path "*/t/*" ! -name "*.pl" ! -name "*.sh" ! -path "*/bin/*"
! -path "*/script/*" ! -name "configure" -print0 | xargs -0 chmod 644
+find . -type f ! -path "*/t/*" ! -name "*.pl" ! -path "*/bin/*" ! -path
"*/script/*" ! -name "configure" -print0 | xargs -0 chmod 644
%build
perl Makefile.PL INSTALLDIRS=vendor
++++++ Apache-AuthCookie-3.28.tar.gz -> Apache-AuthCookie-3.29.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Apache-AuthCookie-3.28/Changes
new/Apache-AuthCookie-3.29/Changes
--- old/Apache-AuthCookie-3.28/Changes 2019-11-19 16:36:52.000000000 +0100
+++ new/Apache-AuthCookie-3.29/Changes 2020-03-22 20:37:20.000000000 +0100
@@ -1,5 +1,16 @@
Revision history for Apache::AuthCookie
+3.29 2020-03-22
+ - Add optional support for enforcing a local destination, like so:
+
+ PerlSetVar MyAuthEnforceLocalDestination 1
+
+ - Add optional support for specifying a default destination when the login
+ form's destination argument is unspecified or invalid (including
+ non-local if local destinations are enforced), like this:
+
+ PerlSetVar MyAuthDefaultDestination /protected/user/
+
3.28 2019-11-19
- Add support for SameSite cookie property (can be strict/lax).
- Minor POD updates.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Apache-AuthCookie-3.28/MANIFEST
new/Apache-AuthCookie-3.29/MANIFEST
--- old/Apache-AuthCookie-3.28/MANIFEST 2019-11-19 16:36:52.000000000 +0100
+++ new/Apache-AuthCookie-3.29/MANIFEST 2020-03-22 20:37:20.000000000 +0100
@@ -20,6 +20,7 @@
lib/Apache2/AuthCookie/Base.pm
lib/Apache2/AuthCookie/Params.pm
lib/Apache2_4/AuthCookie.pm
+scripts/docker-smoke
scripts/perlbrew-smoke
t/Skeleton/AuthCookieHandler.pm
t/TEST.PL
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Apache-AuthCookie-3.28/META.json
new/Apache-AuthCookie-3.29/META.json
--- old/Apache-AuthCookie-3.28/META.json 2019-11-19 16:36:52.000000000
+0100
+++ new/Apache-AuthCookie-3.29/META.json 2020-03-22 20:37:20.000000000
+0100
@@ -43,6 +43,7 @@
"HTTP::Body" : "0",
"Hash::MultiValue" : "0",
"Test::More" : "0.94",
+ "URI" : "1.36",
"WWW::Form::UrlEncoded" : "0"
}
},
@@ -55,39 +56,39 @@
"provides" : {
"Apache2::AuthCookie" : {
"file" : "lib/Apache2/AuthCookie.pm",
- "version" : "3.28"
+ "version" : "3.29"
},
"Apache2::AuthCookie::Base" : {
"file" : "lib/Apache2/AuthCookie/Base.pm",
- "version" : "3.28"
+ "version" : "3.29"
},
"Apache2::AuthCookie::Params" : {
"file" : "lib/Apache2/AuthCookie/Params.pm",
- "version" : "3.28"
+ "version" : "3.29"
},
"Apache2_4::AuthCookie" : {
"file" : "lib/Apache2_4/AuthCookie.pm",
- "version" : "3.28"
+ "version" : "3.29"
},
"Apache::AuthCookie" : {
"file" : "lib/Apache/AuthCookie.pm",
- "version" : "3.28"
+ "version" : "3.29"
},
"Apache::AuthCookie::Params" : {
"file" : "lib/Apache/AuthCookie/Params.pm",
- "version" : "3.28"
+ "version" : "3.29"
},
"Apache::AuthCookie::Params::Base" : {
"file" : "lib/Apache/AuthCookie/Params/Base.pm",
- "version" : "3.28"
+ "version" : "3.29"
},
"Apache::AuthCookie::Params::CGI" : {
"file" : "lib/Apache/AuthCookie/Params/CGI.pm",
- "version" : "3.28"
+ "version" : "3.29"
},
"Apache::AuthCookie::Util" : {
"file" : "lib/Apache/AuthCookie/Util.pm",
- "version" : "3.28"
+ "version" : "3.29"
}
},
"release_status" : "stable",
@@ -102,7 +103,7 @@
"web" : "https://github.com/mschout/apache-authcookie";
}
},
- "version" : "3.28",
+ "version" : "3.29",
"x_generated_by_perl" : "v5.26.2",
"x_serialization_backend" : "Cpanel::JSON::XS version 4.04"
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Apache-AuthCookie-3.28/META.yml
new/Apache-AuthCookie-3.29/META.yml
--- old/Apache-AuthCookie-3.28/META.yml 2019-11-19 16:36:52.000000000 +0100
+++ new/Apache-AuthCookie-3.29/META.yml 2020-03-22 20:37:20.000000000 +0100
@@ -17,31 +17,31 @@
provides:
Apache2::AuthCookie:
file: lib/Apache2/AuthCookie.pm
- version: '3.28'
+ version: '3.29'
Apache2::AuthCookie::Base:
file: lib/Apache2/AuthCookie/Base.pm
- version: '3.28'
+ version: '3.29'
Apache2::AuthCookie::Params:
file: lib/Apache2/AuthCookie/Params.pm
- version: '3.28'
+ version: '3.29'
Apache2_4::AuthCookie:
file: lib/Apache2_4/AuthCookie.pm
- version: '3.28'
+ version: '3.29'
Apache::AuthCookie:
file: lib/Apache/AuthCookie.pm
- version: '3.28'
+ version: '3.29'
Apache::AuthCookie::Params:
file: lib/Apache/AuthCookie/Params.pm
- version: '3.28'
+ version: '3.29'
Apache::AuthCookie::Params::Base:
file: lib/Apache/AuthCookie/Params/Base.pm
- version: '3.28'
+ version: '3.29'
Apache::AuthCookie::Params::CGI:
file: lib/Apache/AuthCookie/Params/CGI.pm
- version: '3.28'
+ version: '3.29'
Apache::AuthCookie::Util:
file: lib/Apache/AuthCookie/Util.pm
- version: '3.28'
+ version: '3.29'
recommends:
WWW::Form::UrlEncoded::XS: '0'
requires:
@@ -51,11 +51,12 @@
HTTP::Body: '0'
Hash::MultiValue: '0'
Test::More: '0.94'
+ URI: '1.36'
WWW::Form::UrlEncoded: '0'
resources:
bugtracker: https://github.com/mschout/apache-authcookie/issues
homepage: https://github.com/mschout/apache-authcookie
repository: https://github.com/mschout/apache-authcookie.git
-version: '3.28'
+version: '3.29'
x_generated_by_perl: v5.26.2
x_serialization_backend: 'YAML::Tiny version 1.73'
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Apache-AuthCookie-3.28/Makefile.PL
new/Apache-AuthCookie-3.29/Makefile.PL
--- old/Apache-AuthCookie-3.28/Makefile.PL 2019-11-19 16:36:52.000000000
+0100
+++ new/Apache-AuthCookie-3.29/Makefile.PL 2020-03-22 20:37:20.000000000
+0100
@@ -32,12 +32,13 @@
"HTTP::Body" => 0,
"Hash::MultiValue" => 0,
"Test::More" => "0.94",
+ "URI" => "1.36",
"WWW::Form::UrlEncoded" => 0
},
"TEST_REQUIRES" => {
"URI::Escape" => "1.31"
},
- "VERSION" => "3.28",
+ "VERSION" => "3.29",
"clean" => {
"FILES" => [
"t/TEST"
@@ -55,6 +56,7 @@
"HTTP::Body" => 0,
"Hash::MultiValue" => 0,
"Test::More" => "0.94",
+ "URI" => "1.36",
"URI::Escape" => "1.31",
"WWW::Form::UrlEncoded" => 0
);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Apache-AuthCookie-3.28/SIGNATURE
new/Apache-AuthCookie-3.29/SIGNATURE
--- old/Apache-AuthCookie-3.28/SIGNATURE 2019-11-19 16:36:52.000000000
+0100
+++ new/Apache-AuthCookie-3.29/SIGNATURE 2020-03-22 20:37:20.000000000
+0100
@@ -14,32 +14,33 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
-SHA1 fe72ac1f2889686a810cd2de3e09c3aefa7f52e7 Changes
+SHA1 31ba629ca96ebda7b1709508f0fc8bf9677d8e3c Changes
SHA1 cb36dd242de6d18cd64c4b55444347ebf09e43e7 LICENSE
-SHA1 def2e0aaac81605fb2882534da78860f2f3a6d06 MANIFEST
+SHA1 34c525c30df8894d182381be05efa0199f71974b MANIFEST
SHA1 0ff75e1a6186d7274e76387884eca541fdd5ca4a MANIFEST.SKIP
-SHA1 b3fb49bc74ad5ef515d5daaf288469a21eca0a1a META.json
-SHA1 e52c3b60a1c1a46c197bbfbaab54d1cd1152e409 META.yml
-SHA1 7e82961d4f23d5d33785c700d036b8c3b11f87ba Makefile.PL
+SHA1 27e6db2262b210a23ef9d9caa1e048663c962c2d META.json
+SHA1 819cd9960e3a776170ab825bd1705d7567372342 META.yml
+SHA1 0b7f5458f3dcf34807bbc02dccc1873f9e438907 Makefile.PL
SHA1 b9945378262a25db34dcdba06da956a52876188b README
SHA1 f9d2e5d4bcafb4b3d73b0a1f390aa25579cafbd2 README.apache-2.4.pod
SHA1 ccbc46a0385aabadd1e6f4a22f8d4ebb11b44901 README.modperl2
-SHA1 e5b590c4028e31fc4e2e05d0d790c951505ca76c lib/Apache/AuthCookie.pm
-SHA1 a5a155c7c1114bd1521b166fe2289b6d8defcc8f lib/Apache/AuthCookie/FAQ.pod
-SHA1 5591f3a83dcfd292b018f8dcfd75d32378627468 lib/Apache/AuthCookie/Params.pm
-SHA1 8b96d310e565562e1c131cdb2e9e97741aa82579
lib/Apache/AuthCookie/Params/Base.pm
-SHA1 61d90732b1757078c17ac45199ca5e6797ab79eb
lib/Apache/AuthCookie/Params/CGI.pm
-SHA1 2e4d31e8fffef85465c6567ea7311dc515a058dc lib/Apache/AuthCookie/Util.pm
-SHA1 4c9362a58bea52476dffda3a48d9d628ee61166a lib/Apache2/AuthCookie.pm
-SHA1 6c515c233a85b35b208b6a0b77a6ebf2b694a871 lib/Apache2/AuthCookie/Base.pm
-SHA1 026f7f258bb85168c4a8fcde905e58508728f397 lib/Apache2/AuthCookie/Params.pm
-SHA1 33026bb4f30abe1d5a2afd8827dd6f4d6d1bcef7 lib/Apache2_4/AuthCookie.pm
+SHA1 27e39d8407824657f07f031634152a1383099fd5 lib/Apache/AuthCookie.pm
+SHA1 80a91eddb5f9f4ad387ed574379ab35cc4c1dd2d lib/Apache/AuthCookie/FAQ.pod
+SHA1 8b95c211543c7e6268b50873adfb8deaad2ed537 lib/Apache/AuthCookie/Params.pm
+SHA1 3df3ec40ae5d9e92e5f2a2567e8372785a6b6061
lib/Apache/AuthCookie/Params/Base.pm
+SHA1 8d5b7a5762c874a127420df1741ea60b04dbdfa0
lib/Apache/AuthCookie/Params/CGI.pm
+SHA1 10c92d998b8d6963045a0290eebeae461f342340 lib/Apache/AuthCookie/Util.pm
+SHA1 18b3e60144534176328e04cd0ebf6883ed7b8af0 lib/Apache2/AuthCookie.pm
+SHA1 e4b9406d8668147e6be8254aa326a4873b17c73d lib/Apache2/AuthCookie/Base.pm
+SHA1 cb19296a1431e866f35e0cffe5cb3bcd9fe9cafd lib/Apache2/AuthCookie/Params.pm
+SHA1 43d7023fd161d9e4bf3d4aaee39c894af0d9374f lib/Apache2_4/AuthCookie.pm
+SHA1 202ecf6a31c02ad029aa6e372ece61a935dd74bf scripts/docker-smoke
SHA1 fee15f1cd6c3fe17e8370838aafe6d54bfd72611 scripts/perlbrew-smoke
SHA1 3ac8de46e7bba83f6969caec3c9c14cbd99881cb t/Skeleton/AuthCookieHandler.pm
SHA1 b1f854e6edecbdd44fc7b8db719e0fe21d9340d1 t/TEST.PL
SHA1 8efad25309730a4d501fb40fc03eda4697303372 t/author-pod-syntax.t
SHA1 19cc343f8a85c6805bbeb02580487483a6283887 t/author-signature.t
-SHA1 fa77f587d29613a40b627846db67d69442c11ac0 t/conf/extra.conf.in
+SHA1 1f622a23011f98ead60d3bd0f5a64bf61a0540c0 t/conf/extra.conf.in
SHA1 2156ea84b69ca7fef7b73d72a06c07cb145da7a9 t/htdocs/docs/authall/get_me.html
SHA1 2156ea84b69ca7fef7b73d72a06c07cb145da7a9 t/htdocs/docs/authany/get_me.html
SHA1 2156ea84b69ca7fef7b73d72a06c07cb145da7a9
t/htdocs/docs/cookiename/get_me.html
@@ -56,24 +57,24 @@
SHA1 b17cdb6e4dfb752901c2a9df5ce822a2d54b92b5
t/lib/Sample/Apache/AuthCookieHandler.pm
SHA1 9ba342e14a302d89f38ab063c56e5ae000a7595c
t/lib/Sample/Apache2/AuthCookieHandler.pm
SHA1 b19593e0dc51baa6a4d84bc27da2e53632ab8592
t/lib/Sample/Apache2_4/AuthCookieHandler.pm
-SHA1 28df698c77347acf6a6957bef1483d0c01ad282a t/real.t
+SHA1 a61e0019aa3d40fcef8954b1b58703a686c23102 t/real.t
SHA1 f0c37746e0277de1ddb62c9227628a5ebe5a777a t/signature.t
SHA1 e91bf0ef7d63322eaf15ca7d9907c6db47ce90ca t/startup.pl
SHA1 da33f704880ddd2596521c39be5b7b6a22913882 t/util.t
-----BEGIN PGP SIGNATURE-----
-iQJFBAEBCAAvFiEE2EtuRfhGgngE8PsARAzvLrlUzY4FAl3UDA8RHG1zY2hvdXRA
-Y3Bhbi5vcmcACgkQRAzvLrlUzY4vYxAAgBF2GxUwOVraAgI7NOxMVMS0VTWMy0Je
-ro/AsnjK2OwdA7RCcWzG3YT7QwElduROYLu5DkRrblibPjfiYGDs9J8Th5m7MLHp
-jmDYjAFJEviEHn0sRl0YfLdmcC7BXxR6ypstJg5DRugjJ+ekBdWBSPH5KQ04iDa+
-xZD/kWwglSn3QL3Q9ySJ0NsTYKQTlCMmxW2hVZubMQfz8TWNmMJ+ChxHO48yjXhu
-EHxVliK5ZC1eFSfuVD/UVjMIe/KSrYE5rr5Q9Bz8Nrf2BkDhCtIyvYs7is5v0Pki
-VQqiXG4tbYfjBUP73F3kswCMtHu3o4LSGBUnsPZvc2suhm+YbLcvPJF53KFDXWe1
-9ebVC8D7wx5zmAsSm2yUnirxWls4IzBTwaYCPYfy1cllAhvLhoDVkE09qgpsuSdx
-P8Tki1rZFcK1Zw8OsdALJIB0r/HZQHPRCPdmbR604+W2i/5ZTfyjNxE86ZrbQNVz
-xrmlxN8BLsH7/ezSw1X2ZDoMQLPjANm0l60ElljgkkMK5reqvbnGatFzBgj7fNec
-Oan7QAsf0ZXsh908apgBmNTMNG7KX0e2KHipeFN7E9g/wVq10MzAgKJq+PekZTty
-FkonaTfafOzKNr2LtTadR0/hvepP7hc1e5KH0Gy7bHizZAom5D5l/jmtiZkjGGno
-7wUilSo5T6s=
-=Pnp+
+iQJFBAEBCAAvFiEE2EtuRfhGgngE8PsARAzvLrlUzY4FAl53vnARHG1zY2hvdXRA
+Y3Bhbi5vcmcACgkQRAzvLrlUzY6rpRAApqUTgPXtRrzNcRZ86M70q/NgFmBNkiUB
+rEWoaITcUFbwbIYYq8RcoWTh04FAUAkHhsd8oiHLj+mj2OduQGWzM6Mo6rXQq0sR
+do12cF4f8aKeQBf/U1xtUe8fIL38hrEmehCghivfc9k/V8IFAUyEXjQbQMV0+7ex
+5OPBHr5gAVe1NzLuzqgsiDQGk+kW1BUW9P+r4qzB+yx0bOclFR/RuTn4wOuy64do
+P1tgCMKXr3hqFhk9VO+h+gOppNjUkaTM7zKVK+XeA42XXpBUPkH6843UpUehJzPG
+PyqvqVvDG9Dlr0Hj5uY3dKNJKtvpr13Taj188buhDo5ki1HM4m3q6W6lE0fMX06E
+rwwP0eWn3C5p/+jou6LKCqKPuiAQ2JWCVmCG5sG5Gk7jsNBa5uciKIVQbYNGoqAA
+PSXF9gd9Jbm0fLizRQgdFpvoIwoYCwLDTJegR5+xBYGH15W3q5r7+mM55oS4Zv1q
+VcwWEB96mHwdITlIqz3nhPVTUIcYdgaKmAALV5nwDpD1nnEePKhxTSGVZgKk9UsU
+qRSzB4lYDpADU2gI7pqzIwht6hZL3CqdEN5LeLlYwIQtXOD8iwQ3VSlRPRTDQIOx
+pcDyj8NWy35st1bnFX8wjnHTUzzB3ecZbJ6hIg+r/ZK64iSkCcGgzGnv65QKogJT
+XPqyiHnELjo=
+=qkgY
-----END PGP SIGNATURE-----
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Apache-AuthCookie-3.28/lib/Apache/AuthCookie/FAQ.pod
new/Apache-AuthCookie-3.29/lib/Apache/AuthCookie/FAQ.pod
--- old/Apache-AuthCookie-3.28/lib/Apache/AuthCookie/FAQ.pod 2019-11-19
16:36:52.000000000 +0100
+++ new/Apache-AuthCookie-3.29/lib/Apache/AuthCookie/FAQ.pod 2020-03-22
20:37:20.000000000 +0100
@@ -17,7 +17,7 @@
=head1 VERSION
-version 3.28
+version 3.29
=head1 DESCRIPTION
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/Apache-AuthCookie-3.28/lib/Apache/AuthCookie/Params/Base.pm
new/Apache-AuthCookie-3.29/lib/Apache/AuthCookie/Params/Base.pm
--- old/Apache-AuthCookie-3.28/lib/Apache/AuthCookie/Params/Base.pm
2019-11-19 16:36:52.000000000 +0100
+++ new/Apache-AuthCookie-3.29/lib/Apache/AuthCookie/Params/Base.pm
2020-03-22 20:37:20.000000000 +0100
@@ -1,5 +1,5 @@
package Apache::AuthCookie::Params::Base;
-$Apache::AuthCookie::Params::Base::VERSION = '3.28';
+$Apache::AuthCookie::Params::Base::VERSION = '3.29';
# ABSTRACT: Internal CGI AuthCookie Params Base Class
use strict;
@@ -57,7 +57,7 @@
=head1 VERSION
-version 3.28
+version 3.29
=head1 SYNOPSIS
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/Apache-AuthCookie-3.28/lib/Apache/AuthCookie/Params/CGI.pm
new/Apache-AuthCookie-3.29/lib/Apache/AuthCookie/Params/CGI.pm
--- old/Apache-AuthCookie-3.28/lib/Apache/AuthCookie/Params/CGI.pm
2019-11-19 16:36:52.000000000 +0100
+++ new/Apache-AuthCookie-3.29/lib/Apache/AuthCookie/Params/CGI.pm
2020-03-22 20:37:20.000000000 +0100
@@ -1,5 +1,5 @@
package Apache::AuthCookie::Params::CGI;
-$Apache::AuthCookie::Params::CGI::VERSION = '3.28';
+$Apache::AuthCookie::Params::CGI::VERSION = '3.29';
# ABSTRACT: Internal CGI Params Subclass
use strict;
@@ -182,7 +182,7 @@
=head1 VERSION
-version 3.28
+version 3.29
=head1 SYNOPSIS
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/Apache-AuthCookie-3.28/lib/Apache/AuthCookie/Params.pm
new/Apache-AuthCookie-3.29/lib/Apache/AuthCookie/Params.pm
--- old/Apache-AuthCookie-3.28/lib/Apache/AuthCookie/Params.pm 2019-11-19
16:36:52.000000000 +0100
+++ new/Apache-AuthCookie-3.29/lib/Apache/AuthCookie/Params.pm 2020-03-22
20:37:20.000000000 +0100
@@ -1,5 +1,5 @@
package Apache::AuthCookie::Params;
-$Apache::AuthCookie::Params::VERSION = '3.28';
+$Apache::AuthCookie::Params::VERSION = '3.29';
# ABSTRACT: AuthCookie Params Driver for mod_perl 1.x
use strict;
@@ -42,7 +42,7 @@
=head1 VERSION
-version 3.28
+version 3.29
=head1 SYNOPSIS
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Apache-AuthCookie-3.28/lib/Apache/AuthCookie/Util.pm
new/Apache-AuthCookie-3.29/lib/Apache/AuthCookie/Util.pm
--- old/Apache-AuthCookie-3.28/lib/Apache/AuthCookie/Util.pm 2019-11-19
16:36:52.000000000 +0100
+++ new/Apache-AuthCookie-3.29/lib/Apache/AuthCookie/Util.pm 2020-03-22
20:37:20.000000000 +0100
@@ -1,5 +1,5 @@
package Apache::AuthCookie::Util;
-$Apache::AuthCookie::Util::VERSION = '3.28';
+$Apache::AuthCookie::Util::VERSION = '3.29';
# ABSTRACT: Internal Utility Functions for AuthCookie
use strict;
@@ -106,7 +106,7 @@
=head1 VERSION
-version 3.28
+version 3.29
=head1 DESCRIPTION
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Apache-AuthCookie-3.28/lib/Apache/AuthCookie.pm
new/Apache-AuthCookie-3.29/lib/Apache/AuthCookie.pm
--- old/Apache-AuthCookie-3.28/lib/Apache/AuthCookie.pm 2019-11-19
16:36:52.000000000 +0100
+++ new/Apache-AuthCookie-3.29/lib/Apache/AuthCookie.pm 2020-03-22
20:37:20.000000000 +0100
@@ -1,5 +1,5 @@
package Apache::AuthCookie;
-$Apache::AuthCookie::VERSION = '3.28';
+$Apache::AuthCookie::VERSION = '3.29';
# ABSTRACT: Perl Authentication and Authorization via cookies
use strict;
@@ -201,10 +201,30 @@
$self->_convert_to_get($r) if $r->method eq 'POST';
- unless (defined $params->param('destination')) {
- $r->log_error("No key 'destination' found in form data");
- $r->subprocess_env('AuthCookieReason', 'no_cookie');
- return $auth_type->login_form;
+ my $destination = $params->param('destination');
+ my $default_destination = $r->dir_config("${auth_name}DefaultDestination");
+
+ if (is_blank($destination)) {
+ if (!is_blank($default_destination)) {
+ $destination = $default_destination;
+ $r->log_error("destination set to $destination");
+ }
+ else {
+ $r->log_error("No key 'destination' found in form data");
+ $r->subprocess_env('AuthCookieReason', 'no_cookie');
+ return $auth_type->login_form;
+ }
+ }
+
+ if ($r->dir_config("${auth_name}EnforceLocalDestination")) {
+ if ($destination !~ m|^\s*/|) {
+ $r->log_error("non-local destination $destination detected for uri
",$r->uri);
+
+ unless (is_blank($default_destination)) {
+ $destination = $default_destination;
+ $r->log_error("destination changed to $destination");
+ }
+ }
}
# Get the credentials from the data posted by the client
@@ -224,7 +244,7 @@
unless ($ses_key) {
$r->log_error("Bad credentials") if $debug >= 2;
$r->subprocess_env('AuthCookieReason', 'bad_credentials');
- $r->uri($self->untaint_destination($params->param('destination')));
+ $r->uri($self->untaint_destination($destination));
return $auth_type->login_form;
}
@@ -241,8 +261,7 @@
$self->handle_cache;
- $r->header_out(
- "Location" =>
$self->untaint_destination($params->param('destination')));
+ $r->header_out(Location => $self->untaint_destination($destination));
return REDIRECT;
}
@@ -643,7 +662,7 @@
=head1 VERSION
-version 3.28
+version 3.29
=head1 SYNOPSIS
@@ -691,6 +710,14 @@
# of this should be
PerlSetVar WhatEverP3P "CP=\"...\""
+ # optional: enforce that the destination argument from the login form is
+ # local to the server
+ PerlSetVar WhatEverEnforceLocalDestination 1
+
+ # optional: specify a default destination for when the destination argument
+ # of the login form is invalid or unspecified
+ PerlSetVar WhatEverDefaultDestination /protected/user/
+
# These documents require user to be logged in.
<Location /protected>
AuthType Sample::Apache::AuthCookieHandler
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/Apache-AuthCookie-3.28/lib/Apache2/AuthCookie/Base.pm
new/Apache-AuthCookie-3.29/lib/Apache2/AuthCookie/Base.pm
--- old/Apache-AuthCookie-3.28/lib/Apache2/AuthCookie/Base.pm 2019-11-19
16:36:52.000000000 +0100
+++ new/Apache-AuthCookie-3.29/lib/Apache2/AuthCookie/Base.pm 2020-03-22
20:37:20.000000000 +0100
@@ -1,5 +1,5 @@
package Apache2::AuthCookie::Base;
-$Apache2::AuthCookie::Base::VERSION = '3.28';
+$Apache2::AuthCookie::Base::VERSION = '3.29';
# ABSTRACT: Common Methods Shared by Apache2 and Apache2_4 AuthCookie
Subclasses.
use strict;
@@ -268,10 +268,30 @@
$self->_convert_to_get($r);
}
- unless (defined $params->param('destination')) {
- $r->server->log_error("No key 'destination' found in form data");
- $r->subprocess_env('AuthCookieReason', 'no_cookie');
- return $auth_type->login_form($r);
+ my $default_destination = $r->dir_config("${auth_name}DefaultDestination");
+ my $destination = $params->param('destination');
+
+ if (is_blank($destination)) {
+ if (!is_blank($default_destination)) {
+ $destination = $default_destination;
+ $r->server->log_error("destination set to $destination");
+ }
+ else {
+ $r->server->log_error("No key 'destination' found in form data");
+ $r->subprocess_env('AuthCookieReason', 'no_cookie');
+ return $auth_type->login_form($r);
+ }
+ }
+
+ if ($r->dir_config("${auth_name}EnforceLocalDestination")) {
+ if ($destination !~ m|^\s*/|) {
+ $r->server->log_error("invalid destination $destination detected
for uri ",$r->uri);
+
+ unless (is_blank($default_destination)) {
+ $destination = $default_destination;
+ $r->server->log_error("destination changed to $destination");
+ }
+ }
}
# Get the credentials from the data posted by the client
@@ -291,7 +311,7 @@
unless ($ses_key) {
$r->server->log_error("Bad credentials") if $debug >= 2;
$r->subprocess_env('AuthCookieReason', 'bad_credentials');
- $r->uri($self->untaint_destination($params->param('destination')));
+ $r->uri($self->untaint_destination($destination));
return $auth_type->login_form($r);
}
@@ -305,11 +325,11 @@
$self->handle_cache($r);
if ($debug >= 2) {
- $r->server->log_error("redirect to ", $params->param('destination'));
+ $r->server->log_error("redirect to $destination");
}
$r->headers_out->set(
- "Location" =>
$self->untaint_destination($params->param('destination')));
+ "Location" => $self->untaint_destination($destination));
return HTTP_MOVED_TEMPORARILY;
}
@@ -541,7 +561,7 @@
=head1 VERSION
-version 3.28
+version 3.29
=head1 DESCRIPTION
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/Apache-AuthCookie-3.28/lib/Apache2/AuthCookie/Params.pm
new/Apache-AuthCookie-3.29/lib/Apache2/AuthCookie/Params.pm
--- old/Apache-AuthCookie-3.28/lib/Apache2/AuthCookie/Params.pm 2019-11-19
16:36:52.000000000 +0100
+++ new/Apache-AuthCookie-3.29/lib/Apache2/AuthCookie/Params.pm 2020-03-22
20:37:20.000000000 +0100
@@ -1,5 +1,5 @@
package Apache2::AuthCookie::Params;
-$Apache2::AuthCookie::Params::VERSION = '3.28';
+$Apache2::AuthCookie::Params::VERSION = '3.29';
# ABSTRACT: AuthCookie Params Driver for mod_perl 2.x
use strict;
@@ -42,7 +42,7 @@
=head1 VERSION
-version 3.28
+version 3.29
=head1 SYNOPSIS
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Apache-AuthCookie-3.28/lib/Apache2/AuthCookie.pm
new/Apache-AuthCookie-3.29/lib/Apache2/AuthCookie.pm
--- old/Apache-AuthCookie-3.28/lib/Apache2/AuthCookie.pm 2019-11-19
16:36:52.000000000 +0100
+++ new/Apache-AuthCookie-3.29/lib/Apache2/AuthCookie.pm 2020-03-22
20:37:20.000000000 +0100
@@ -1,5 +1,5 @@
package Apache2::AuthCookie;
-$Apache2::AuthCookie::VERSION = '3.28';
+$Apache2::AuthCookie::VERSION = '3.29';
# ABSTRACT: Perl Authentication and Authorization via cookies
use strict;
@@ -118,7 +118,7 @@
=head1 VERSION
-version 3.28
+version 3.29
=head1 SYNOPSIS
@@ -176,6 +176,14 @@
# optional: enable decoding of httpd.conf "Requires" directives
PerlSetVar WhatEverRequiresEncoding UTF-8
+ # optional: enforce that the destination argument from the login form is
+ # local to the server
+ PerlSetVar WhatEverEnforceLocalDestination 1
+
+ # optional: specify a default destination for when the destination argument
+ # of the login form is invalid or unspecified
+ PerlSetVar WhatEverDefaultDestination /protected/user/
+
# These documents require user to be logged in.
<Location /protected>
AuthType Sample::Apache2::AuthCookieHandler
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Apache-AuthCookie-3.28/lib/Apache2_4/AuthCookie.pm
new/Apache-AuthCookie-3.29/lib/Apache2_4/AuthCookie.pm
--- old/Apache-AuthCookie-3.28/lib/Apache2_4/AuthCookie.pm 2019-11-19
16:36:52.000000000 +0100
+++ new/Apache-AuthCookie-3.29/lib/Apache2_4/AuthCookie.pm 2020-03-22
20:37:20.000000000 +0100
@@ -1,5 +1,5 @@
package Apache2_4::AuthCookie;
-$Apache2_4::AuthCookie::VERSION = '3.28';
+$Apache2_4::AuthCookie::VERSION = '3.29';
# ABSTRACT: Perl Authentication and Authorization via cookies for Apache 2.4
use strict;
@@ -60,7 +60,7 @@
=head1 VERSION
-version 3.28
+version 3.29
=head1 SYNOPSIS
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Apache-AuthCookie-3.28/scripts/docker-smoke
new/Apache-AuthCookie-3.29/scripts/docker-smoke
--- old/Apache-AuthCookie-3.28/scripts/docker-smoke 1970-01-01
01:00:00.000000000 +0100
+++ new/Apache-AuthCookie-3.29/scripts/docker-smoke 2020-03-22
20:37:20.000000000 +0100
@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+
+set -eo pipefail
+
+cd $(dirname $0)/..
+
+cpanm -q --notest --installdeps .
+
+chown -R http:http .
+
+su -c 'perl Makefile.PL && make test' http
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Apache-AuthCookie-3.28/t/conf/extra.conf.in
new/Apache-AuthCookie-3.29/t/conf/extra.conf.in
--- old/Apache-AuthCookie-3.28/t/conf/extra.conf.in 2019-11-19
16:36:52.000000000 +0100
+++ new/Apache-AuthCookie-3.29/t/conf/extra.conf.in 2020-03-22
20:37:20.000000000 +0100
@@ -23,6 +23,8 @@
PerlSetVar WhatEverCookieName Sample::AuthCookieHandler_WhatEver
PerlSetVar WhatEverEncoding UTF-8
PerlSetVar WhatEverRequiresEncoding UTF-8
+PerlSetVar WhatEverDefaultDestination /docs/protected/index.html
+PerlSetVar WhatEverEnforceLocalDestination On
<Directory @ServerRoot@>
AllowOverride All
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Apache-AuthCookie-3.28/t/real.t
new/Apache-AuthCookie-3.29/t/real.t
--- old/Apache-AuthCookie-3.28/t/real.t 2019-11-19 16:36:52.000000000 +0100
+++ new/Apache-AuthCookie-3.29/t/real.t 2020-03-22 20:37:20.000000000 +0100
@@ -16,7 +16,7 @@
Apache::TestRequest::user_agent( reset => 1, requests_redirectable => 0 );
-plan tests => 34, need_lwp;
+plan tests => 36, need_lwp;
ok 1, 'Test initialized';
@@ -446,10 +446,10 @@
plan tests => 1;
my $r = POST('/LOGIN', [
- destination => '"><form method="post">Embedded Form</form>'
+ destination => '/"><form method="post">Embedded Form</form>'
]);
- like $r->content, qr{"%22%3E%3Cform method=%22post%22%3EEmbedded
Form%3C/form%3E"};
+ like $r->content, qr{"/%22%3E%3Cform method=%22post%22%3EEmbedded
Form%3C/form%3E"};
};
# embedded script tags
@@ -537,6 +537,33 @@
is $body, 'programmer';
};
+# Test DefaultDestination
+subtest 'DefaultDestination' => sub {
+ plan tests => 1;
+
+ my $r = POST('/LOGIN', [
+ credential_0 => 'programmer',
+ credential_1 => 'Hero'
+ ]);
+
+ is($r->header('Location'), '/docs/protected/index.html',
+ 'redirected to default destination');
+};
+
+# Test EnforceLocalDestination
+subtest 'EnforceLocalDestination' => sub {
+ plan tests => 1;
+
+ my $r = POST('/LOGIN', [
+ destination => "http://metacpan.org/";,
+ credential_0 => 'programmer',
+ credential_1 => 'Hero'
+ ]);
+
+ is($r->header('Location'), '/docs/protected/index.html',
+ 'enforced local destination, redirected to default destination');
+};
+
# remove CR's from a string. Win32 apache apparently does line ending
# conversion, and that can cause test cases to fail because output does not
# match expected because expected has UNIX line endings, and OUTPUT has dos
