[gentoo-commits] repo/gentoo:master commit in: dev-perl/HTTP-Body/, dev-perl/HTTP-Body/files/
commit: 0401373b18f97cad54dc4df9f9e5b131aee0aa76 Author: Andreas K. Hüttel gentoo org> AuthorDate: Thu May 2 02:10:10 2024 + Commit: Andreas K. Hüttel gentoo org> CommitDate: Thu May 2 02:10:48 2024 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0401373b dev-perl/HTTP-Body: add 1.230.0 Signed-off-by: Andreas K. Hüttel gentoo.org> dev-perl/HTTP-Body/HTTP-Body-1.230.0.ebuild| 43 ++ dev-perl/HTTP-Body/Manifest| 1 + .../files/HTTP-Body-1.230.0-CVE-2013-4407.patch| 33 + 3 files changed, 77 insertions(+)
diff --git a/dev-perl/HTTP-Body/HTTP-Body-1.230.0.ebuild b/dev-perl/HTTP-Body/HTTP-Body-1.230.0.ebuild
new file mode 100644
index ..4e35d76d651b
--- /dev/null
+++ b/dev-perl/HTTP-Body/HTTP-Body-1.230.0.ebuild
@@ -0,0 +1,43 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+DIST_AUTHOR=GETTY
+DIST_VERSION=1.23
+inherit perl-module
+
+DESCRIPTION="HTTP Body Parser"
+
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~ia64 ~ppc ~ppc64 ~sparc ~x86"
+
+# HTTP::Headers -> HTTP-Message
+# HTTP::Request::Common -> HTTP-Message
+# IO::File -> IO
+RDEPEND="
+ virtual/perl-Carp
+ virtual/perl-Digest-MD5
+ >=virtual/perl-File-Temp-0.140.0
+ dev-perl/HTTP-Message
+ >=virtual/perl-IO-1.140.0
+"
+BDEPEND="${RDEPEND}
+ virtual/perl-ExtUtils-MakeMaker
+ test? (
+ virtual/perl-Encode
+ virtual/perl-File-Spec
+ >=virtual/perl-File-Temp-0.140.0
+ dev-perl/HTTP-Message
+ dev-perl/Test-Deep
+ >=virtual/perl-Test-Simple-0.860.0
+ )
+"
+
+PERL_RM_FILES=(
+ t/02pod.t
+ t/03podcoverage.t
+ t/04critic.t
+)
+
+PATCHES=( "${FILESDIR}/${PN}-1.230.0-CVE-2013-4407.patch" )
diff --git a/dev-perl/HTTP-Body/Manifest b/dev-perl/HTTP-Body/Manifest
index d2a831ea78f3..381c6924aeb3 100644
--- a/dev-perl/HTTP-Body/Manifest
+++ b/dev-perl/HTTP-Body/Manifest
@@ -1 +1,2 @@
 DIST HTTP-Body-1.22.tar.gz 26163 BLAKE2B c6b2cf67fd9964fe253251dd91a67b11563c3cb157ad670733254acb3d44fcede97dcfb84d09ed52bc9f8cc60275838abd8f110aa01aed3bb18400bcc108b255 SHA512 62665989d76699a3c3747d8f4e23d2009488bc229220bcf6fc07fc425e6ac5118f6ea48c75af681c2f29e9ed644d7a7979368cc36df77aca0544786b523c9cfe
+DIST HTTP-Body-1.23.tar.gz 26980 BLAKE2B 2ad08b894a26a06089dff6294f978583d49ee5aa770fb195d01fc6db7a39bda0cb831ed5137afabbc75598e2dbe3fb8dd0681f688776270d01f99498abb17c23 SHA512 b02fb8652ceebdaa858ff12fe759ded62eefa7f23e5bf8b90e31a52d4433f13d29986f9646141b92a6a4ea58e1be007c6f675c3e2b26559fa0ff9333e69f3ebb
diff --git a/dev-perl/HTTP-Body/files/HTTP-Body-1.230.0-CVE-2013-4407.patch b/dev-perl/HTTP-Body/files/HTTP-Body-1.230.0-CVE-2013-4407.patch
new file mode 100644
index ..e4046ec3fec3
--- /dev/null
+++ b/dev-perl/HTTP-Body/files/HTTP-Body-1.230.0-CVE-2013-4407.patch
@@ -0,0 +1,33 @@ +Description: Allow only word characters in filename suffixes + CVE-2013-4407: Allow only word characters in filename suffixes. An + attacker able to upload files to a service that uses + HTTP::Body::Multipart could use this issue to upload a file and create + a specifically-crafted temporary filename on the server, that when + processed without further validation, could allow execution of commands + on the server. +Origin: vendor +Bug: https://rt.cpan.org/Ticket/Display.html?id=88342 +Bug-Debian: http://bugs.debian.org/721634 +Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1005669 +Forwarded: no +Author: Salvatore Bonaccorso +Last-Update: 2013-10-21 + +Updated by Andreas K. Huettel for HTTP-Body-1.19 +Updated by Andreas K. Huettel for HTTP-Body-1.23 + This version has a fix for the CVE, but the stricter regexp has served + us well so far... + +diff -ruN HTTP-Body-1.23.orig/lib/HTTP/Body/MultiPart.pm HTTP-Body-1.23/lib/HTTP/Body/MultiPart.pm +--- HTTP-Body-1.23.orig/lib/HTTP/Body/MultiPart.pm 2024-03-30 14:27:57.0 +1100 HTTP-Body-1.23/lib/HTTP/Body/MultiPart.pm 2024-05-02 13:07:21.794271606 +1100 +@@ -255,7 +255,7 @@ + + =cut + +-our $basename_regexp = qr/[^.]+(\.[^\\\/]+)$/; ++our $basename_regexp = qr/(\.\w+(?:\.\w+)*)$/; + our $file_temp_suffix = '.upload'; + our $file_temp_template; + our %file_temp_parameters; +
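Review bot: The replacement pattern on the `+our $basename_regexp` line of the embedded MultiPart.pm diff relies on `\w`, which is not limited to ASCII when the filename reaches the module as a decoded character string or under `use locale`, so the retained suffix can be wider than the "word characters" the description promises. Pinning the class explicitly, e.g. `our $basename_regexp = qr/(\.[A-Za-z0-9_]+(?:\.[A-Za-z0-9_]+)*)$/;`, keeps the temporary-file suffix to a fixed alphabet regardless of string encoding. The suffix also stays unbounded in length and client-chosen (a name such as `x.php.jpg` keeps `.php.jpg`), so anything that later consumes the temp file should not treat its extension as trusted. The code that applies this regex lies outside the hunk, so how the capture is used is inferred from the patch description only.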
[gentoo-commits] repo/gentoo:master commit in: dev-perl/HTTP-Body/
commit: e13598bae180c7395a993f09f8d80c94638ef5d1 Author: Andreas K. Hüttel gentoo org> AuthorDate: Mon Jun 14 23:21:26 2021 + Commit: Andreas K. Hüttel gentoo org> CommitDate: Mon Jun 14 23:26:11 2021 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e13598ba dev-perl/HTTP-Body: EAPI=7 bump Package-Manager: Portage-3.0.18, Repoman-3.0.2 Signed-off-by: Andreas K. Hüttel gentoo.org> ...TTP-Body-1.220.0.ebuild => HTTP-Body-1.220.0-r1.ebuild} | 14 +++--- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/dev-perl/HTTP-Body/HTTP-Body-1.220.0.ebuild b/dev-perl/HTTP-Body/HTTP-Body-1.220.0-r1.ebuild similarity index 87% rename from dev-perl/HTTP-Body/HTTP-Body-1.220.0.ebuild rename to dev-perl/HTTP-Body/HTTP-Body-1.220.0-r1.ebuild index e79962b2bb1..fa04f910593 100644 --- a/dev-perl/HTTP-Body/HTTP-Body-1.220.0.ebuild +++ b/dev-perl/HTTP-Body/HTTP-Body-1.220.0-r1.ebuild @@ -1,10 +1,10 @@ -# Copyright 1999-2019 Gentoo Authors +# Copyright 1999-2021 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI=5 +EAPI=7 -MODULE_AUTHOR=GETTY -MODULE_VERSION=1.22 +DIST_AUTHOR=GETTY +DIST_VERSION=1.22 inherit perl-module DESCRIPTION="HTTP Body Parser" @@ -24,7 +24,7 @@ RDEPEND=" dev-perl/HTTP-Message >=virtual/perl-IO-1.140.0 " -DEPEND="${RDEPEND} +BDEPEND="${RDEPEND} virtual/perl-ExtUtils-MakeMaker test? ( virtual/perl-Encode @@ -35,11 +35,11 @@ DEPEND="${RDEPEND} >=virtual/perl-Test-Simple-0.860.0 ) " + PERL_RM_FILES=( t/02pod.t t/03podcoverage.t t/04critic.t ) -PATCHES=( "${FILESDIR}/${PN}-1.190.0-CVE-2013-4407.patch" ) -SRC_TEST=do +PATCHES=( "${FILESDIR}/${PN}-1.190.0-CVE-2013-4407.patch" )
[gentoo-commits] repo/gentoo:master commit in: dev-perl/HTTP-Body/
commit: 3f9a150879f7718700dadc62f1ac996c2f79e568 Author: Thomas Deutschmann gentoo org> AuthorDate: Thu Apr 5 21:21:01 2018 + Commit: Thomas Deutschmann gentoo org> CommitDate: Thu Apr 5 21:21:29 2018 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3f9a1508 dev-perl/HTTP-Body: x86 stable (bug #652296) Package-Manager: Portage-2.3.28, Repoman-2.3.9 dev-perl/HTTP-Body/HTTP-Body-1.220.0.ebuild | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dev-perl/HTTP-Body/HTTP-Body-1.220.0.ebuild b/dev-perl/HTTP-Body/HTTP-Body-1.220.0.ebuild index 4fe48c7cffd..483c210c6be 100644 --- a/dev-perl/HTTP-Body/HTTP-Body-1.220.0.ebuild +++ b/dev-perl/HTTP-Body/HTTP-Body-1.220.0.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2017 Gentoo Foundation +# Copyright 1999-2018 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 EAPI=5 @@ -10,7 +10,7 @@ inherit perl-module DESCRIPTION="HTTP Body Parser" SLOT="0" -KEYWORDS="~alpha amd64 ~ia64 ~ppc ~ppc64 ~sparc ~x86" +KEYWORDS="~alpha amd64 ~ia64 ~ppc ~ppc64 ~sparc x86" IUSE="test" # HTTP::Headers -> HTTP-Message
[gentoo-commits] repo/gentoo:master commit in: dev-perl/HTTP-Body/
commit: adb19368dced9f88b72461f566354f56f812aef1 Author: Tobias Klausmann gentoo org> AuthorDate: Thu Jan 26 11:43:01 2017 + Commit: Tobias Klausmann gentoo org> CommitDate: Thu Jan 26 14:03:26 2017 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=adb19368 dev-perl/HTTP-Body-1.220.0-r0: keyworded for ~alpha Gentoo-Bug: 577100 dev-perl/HTTP-Body/HTTP-Body-1.220.0.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev-perl/HTTP-Body/HTTP-Body-1.220.0.ebuild b/dev-perl/HTTP-Body/HTTP-Body-1.220.0.ebuild index 7daa181..8941f2b 100644 --- a/dev-perl/HTTP-Body/HTTP-Body-1.220.0.ebuild +++ b/dev-perl/HTTP-Body/HTTP-Body-1.220.0.ebuild @@ -11,7 +11,7 @@ inherit perl-module DESCRIPTION="HTTP Body Parser" SLOT="0" -KEYWORDS="~amd64 ~x86" +KEYWORDS="~alpha ~amd64 ~x86" IUSE="test" # HTTP::Headers -> HTTP-Message
[gentoo-commits] repo/gentoo:master commit in: dev-perl/HTTP-Body/
commit: 9003f7860b3ff27978a89f237c6a407c54ba71d8 Author: Andreas K. Hüttel gentoo org> AuthorDate: Tue Feb 23 15:10:30 2016 + Commit: Andreas Hüttel gentoo org> CommitDate: Thu Feb 25 04:14:16 2016 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9003f786 dev-perl/HTTP-Body: Remove old Package-Manager: portage-2.2.27 dev-perl/HTTP-Body/HTTP-Body-1.190.0.ebuild | 33 - dev-perl/HTTP-Body/Manifest | 1 - 2 files changed, 34 deletions(-)
diff --git a/dev-perl/HTTP-Body/HTTP-Body-1.190.0.ebuild b/dev-perl/HTTP-Body/HTTP-Body-1.190.0.ebuild
deleted file mode 100644
index f74816b..000
--- a/dev-perl/HTTP-Body/HTTP-Body-1.190.0.ebuild
+++ /dev/null
@@ -1,33 +0,0 @@
-# Copyright 1999-2014 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-
-MODULE_AUTHOR=GETTY
-MODULE_VERSION=1.19
-inherit perl-module
-
-DESCRIPTION="HTTP Body Parser"
-
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-IUSE="test"
-
-RDEPEND="
- virtual/perl-Carp
- virtual/perl-Digest-MD5
- >=virtual/perl-File-Temp-0.140.0
- dev-perl/libwww-perl
- >=virtual/perl-IO-1.140.0
-"
-DEPEND="${RDEPEND}
- test? (
- dev-perl/Test-Deep
- >=virtual/perl-Test-Simple-0.860.0
- )
-"
-
-PATCHES=( "${FILESDIR}/${P}-CVE-2013-4407.patch" )
-
-SRC_TEST=do
diff --git a/dev-perl/HTTP-Body/Manifest b/dev-perl/HTTP-Body/Manifest
index 41d35be..b0c2f2d 100644
--- a/dev-perl/HTTP-Body/Manifest
+++ b/dev-perl/HTTP-Body/Manifest
@@ -1,2 +1 @@
-DIST HTTP-Body-1.19.tar.gz 24189 SHA256 01506ac3a19ac96083e0aa3881378fb934bf466e7dca4b9fc1dcbc0fa49e102a SHA512 c2ef3ba34eaebfe8f16329f5735c467cb8b8cd8611104fb6a84a55eccfa06daf1fece49056a111f8d652dd1df4f1bad5c7e1c54f767fda4d150ba6f787c79a16 WHIRLPOOL fc74c6cc67d18254d250d8530ca3c3dfe6c3520d625f8020fa687aadb1f29c15feaf55690dcddd01b8dfbbf9893bf0feded005cc9960b3ef4264d3a6bf903eb1
 DIST HTTP-Body-1.22.tar.gz 26163 SHA256 fc0d2c585b3bd1532d92609965d589e0c87cd380e7cca42fb9ad0a1311227297 SHA512 62665989d76699a3c3747d8f4e23d2009488bc229220bcf6fc07fc425e6ac5118f6ea48c75af681c2f29e9ed644d7a7979368cc36df77aca0544786b523c9cfe WHIRLPOOL f796dda283d26448d2147b36d9883366ea4b21ce31b30f79d90d66e5b5387e983298252e67d329e60ef0daa8b1c27bde031a8b324b21f62b9640bc6b46c22426