[gentoo-commits] repo/gentoo:master commit in: dev-perl/HTTP-Body/, dev-perl/HTTP-Body/files/
commit: 0401373b18f97cad54dc4df9f9e5b131aee0aa76
Author: Andreas K. Hüttel gentoo org>
AuthorDate: Thu May 2 02:10:10 2024 +
Commit: Andreas K. Hüttel gentoo org>
CommitDate: Thu May 2 02:10:48 2024 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0401373b
dev-perl/HTTP-Body: add 1.230.0
Signed-off-by: Andreas K. Hüttel gentoo.org>
dev-perl/HTTP-Body/HTTP-Body-1.230.0.ebuild| 43 ++
dev-perl/HTTP-Body/Manifest| 1 +
.../files/HTTP-Body-1.230.0-CVE-2013-4407.patch| 33 +
3 files changed, 77 insertions(+)
diff --git a/dev-perl/HTTP-Body/HTTP-Body-1.230.0.ebuild
b/dev-perl/HTTP-Body/HTTP-Body-1.230.0.ebuild
new file mode 100644
index ..4e35d76d651b
--- /dev/null
+++ b/dev-perl/HTTP-Body/HTTP-Body-1.230.0.ebuild
@@ -0,0 +1,43 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+DIST_AUTHOR=GETTY
+DIST_VERSION=1.23
+inherit perl-module
+
+DESCRIPTION="HTTP Body Parser"
+
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~ia64 ~ppc ~ppc64 ~sparc ~x86"
+
+# HTTP::Headers -> HTTP-Message
+# HTTP::Request::Common -> HTTP-Message
+# IO::File -> IO
+RDEPEND="
+ virtual/perl-Carp
+ virtual/perl-Digest-MD5
+ >=virtual/perl-File-Temp-0.140.0
+ dev-perl/HTTP-Message
+ >=virtual/perl-IO-1.140.0
+"
+BDEPEND="${RDEPEND}
+ virtual/perl-ExtUtils-MakeMaker
+ test? (
+ virtual/perl-Encode
+ virtual/perl-File-Spec
+ >=virtual/perl-File-Temp-0.140.0
+ dev-perl/HTTP-Message
+ dev-perl/Test-Deep
+ >=virtual/perl-Test-Simple-0.860.0
+ )
+"
+
+PERL_RM_FILES=(
+ t/02pod.t
+ t/03podcoverage.t
+ t/04critic.t
+)
+
+PATCHES=( "${FILESDIR}/${PN}-1.230.0-CVE-2013-4407.patch" )
diff --git a/dev-perl/HTTP-Body/Manifest b/dev-perl/HTTP-Body/Manifest
index d2a831ea78f3..381c6924aeb3 100644
--- a/dev-perl/HTTP-Body/Manifest
+++ b/dev-perl/HTTP-Body/Manifest
@@ -1 +1,2 @@
DIST HTTP-Body-1.22.tar.gz 26163 BLAKE2B
c6b2cf67fd9964fe253251dd91a67b11563c3cb157ad670733254acb3d44fcede97dcfb84d09ed52bc9f8cc60275838abd8f110aa01aed3bb18400bcc108b255
SHA512
62665989d76699a3c3747d8f4e23d2009488bc229220bcf6fc07fc425e6ac5118f6ea48c75af681c2f29e9ed644d7a7979368cc36df77aca0544786b523c9cfe
+DIST HTTP-Body-1.23.tar.gz 26980 BLAKE2B
2ad08b894a26a06089dff6294f978583d49ee5aa770fb195d01fc6db7a39bda0cb831ed5137afabbc75598e2dbe3fb8dd0681f688776270d01f99498abb17c23
SHA512
b02fb8652ceebdaa858ff12fe759ded62eefa7f23e5bf8b90e31a52d4433f13d29986f9646141b92a6a4ea58e1be007c6f675c3e2b26559fa0ff9333e69f3ebb
diff --git a/dev-perl/HTTP-Body/files/HTTP-Body-1.230.0-CVE-2013-4407.patch
b/dev-perl/HTTP-Body/files/HTTP-Body-1.230.0-CVE-2013-4407.patch
new file mode 100644
index ..e4046ec3fec3
--- /dev/null
+++ b/dev-perl/HTTP-Body/files/HTTP-Body-1.230.0-CVE-2013-4407.patch
@@ -0,0 +1,33 @@
+Description: Allow only word characters in filename suffixes
+ CVE-2013-4407: Allow only word characters in filename suffixes. An
+ attacker able to upload files to a service that uses
+ HTTP::Body::Multipart could use this issue to upload a file and create
+ a specifically-crafted temporary filename on the server, that when
+ processed without further validation, could allow execution of commands
+ on the server.
+Origin: vendor
+Bug: https://rt.cpan.org/Ticket/Display.html?id=88342
+Bug-Debian: http://bugs.debian.org/721634
+Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1005669
+Forwarded: no
+Author: Salvatore Bonaccorso
+Last-Update: 2013-10-21
+
+Updated by Andreas K. Huettel for HTTP-Body-1.19
+Updated by Andreas K. Huettel for HTTP-Body-1.23
+ This version has a fix for the CVE, but the stricter regexp has served
+ us well so far...
+
+diff -ruN HTTP-Body-1.23.orig/lib/HTTP/Body/MultiPart.pm
HTTP-Body-1.23/lib/HTTP/Body/MultiPart.pm
+--- HTTP-Body-1.23.orig/lib/HTTP/Body/MultiPart.pm 2024-03-30
14:27:57.0 +1100
HTTP-Body-1.23/lib/HTTP/Body/MultiPart.pm 2024-05-02 13:07:21.794271606
+1100
+@@ -255,7 +255,7 @@
+
+ =cut
+
+-our $basename_regexp = qr/[^.]+(\.[^\\\/]+)$/;
++our $basename_regexp = qr/(\.\w+(?:\.\w+)*)$/;
+ our $file_temp_suffix = '.upload';
+ our $file_temp_template;
+ our %file_temp_parameters;
+
[gentoo-commits] repo/gentoo:master commit in: dev-perl/HTTP-Body/
commit: e13598bae180c7395a993f09f8d80c94638ef5d1
Author: Andreas K. Hüttel gentoo org>
AuthorDate: Mon Jun 14 23:21:26 2021 +
Commit: Andreas K. Hüttel gentoo org>
CommitDate: Mon Jun 14 23:26:11 2021 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e13598ba
dev-perl/HTTP-Body: EAPI=7 bump
Package-Manager: Portage-3.0.18, Repoman-3.0.2
Signed-off-by: Andreas K. Hüttel gentoo.org>
...TTP-Body-1.220.0.ebuild => HTTP-Body-1.220.0-r1.ebuild} | 14 +++---
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/dev-perl/HTTP-Body/HTTP-Body-1.220.0.ebuild
b/dev-perl/HTTP-Body/HTTP-Body-1.220.0-r1.ebuild
similarity index 87%
rename from dev-perl/HTTP-Body/HTTP-Body-1.220.0.ebuild
rename to dev-perl/HTTP-Body/HTTP-Body-1.220.0-r1.ebuild
index e79962b2bb1..fa04f910593 100644
--- a/dev-perl/HTTP-Body/HTTP-Body-1.220.0.ebuild
+++ b/dev-perl/HTTP-Body/HTTP-Body-1.220.0-r1.ebuild
@@ -1,10 +1,10 @@
-# Copyright 1999-2019 Gentoo Authors
+# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
-EAPI=5
+EAPI=7
-MODULE_AUTHOR=GETTY
-MODULE_VERSION=1.22
+DIST_AUTHOR=GETTY
+DIST_VERSION=1.22
inherit perl-module
DESCRIPTION="HTTP Body Parser"
@@ -24,7 +24,7 @@ RDEPEND="
dev-perl/HTTP-Message
>=virtual/perl-IO-1.140.0
"
-DEPEND="${RDEPEND}
+BDEPEND="${RDEPEND}
virtual/perl-ExtUtils-MakeMaker
test? (
virtual/perl-Encode
@@ -35,11 +35,11 @@ DEPEND="${RDEPEND}
>=virtual/perl-Test-Simple-0.860.0
)
"
+
PERL_RM_FILES=(
t/02pod.t
t/03podcoverage.t
t/04critic.t
)
-PATCHES=( "${FILESDIR}/${PN}-1.190.0-CVE-2013-4407.patch" )
-SRC_TEST=do
+PATCHES=( "${FILESDIR}/${PN}-1.190.0-CVE-2013-4407.patch" )
[gentoo-commits] repo/gentoo:master commit in: dev-perl/HTTP-Body/
commit: 3f9a150879f7718700dadc62f1ac996c2f79e568 Author: Thomas Deutschmann gentoo org> AuthorDate: Thu Apr 5 21:21:01 2018 + Commit: Thomas Deutschmann gentoo org> CommitDate: Thu Apr 5 21:21:29 2018 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3f9a1508 dev-perl/HTTP-Body: x86 stable (bug #652296) Package-Manager: Portage-2.3.28, Repoman-2.3.9 dev-perl/HTTP-Body/HTTP-Body-1.220.0.ebuild | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dev-perl/HTTP-Body/HTTP-Body-1.220.0.ebuild b/dev-perl/HTTP-Body/HTTP-Body-1.220.0.ebuild index 4fe48c7cffd..483c210c6be 100644 --- a/dev-perl/HTTP-Body/HTTP-Body-1.220.0.ebuild +++ b/dev-perl/HTTP-Body/HTTP-Body-1.220.0.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2017 Gentoo Foundation +# Copyright 1999-2018 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 EAPI=5 @@ -10,7 +10,7 @@ inherit perl-module DESCRIPTION="HTTP Body Parser" SLOT="0" -KEYWORDS="~alpha amd64 ~ia64 ~ppc ~ppc64 ~sparc ~x86" +KEYWORDS="~alpha amd64 ~ia64 ~ppc ~ppc64 ~sparc x86" IUSE="test" # HTTP::Headers -> HTTP-Message
[gentoo-commits] repo/gentoo:master commit in: dev-perl/HTTP-Body/
commit: adb19368dced9f88b72461f566354f56f812aef1 Author: Tobias Klausmann gentoo org> AuthorDate: Thu Jan 26 11:43:01 2017 + Commit: Tobias Klausmann gentoo org> CommitDate: Thu Jan 26 14:03:26 2017 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=adb19368 dev-perl/HTTP-Body-1.220.0-r0: keyworded for ~alpha Gentoo-Bug: 577100 dev-perl/HTTP-Body/HTTP-Body-1.220.0.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev-perl/HTTP-Body/HTTP-Body-1.220.0.ebuild b/dev-perl/HTTP-Body/HTTP-Body-1.220.0.ebuild index 7daa181..8941f2b 100644 --- a/dev-perl/HTTP-Body/HTTP-Body-1.220.0.ebuild +++ b/dev-perl/HTTP-Body/HTTP-Body-1.220.0.ebuild @@ -11,7 +11,7 @@ inherit perl-module DESCRIPTION="HTTP Body Parser" SLOT="0" -KEYWORDS="~amd64 ~x86" +KEYWORDS="~alpha ~amd64 ~x86" IUSE="test" # HTTP::Headers -> HTTP-Message
[gentoo-commits] repo/gentoo:master commit in: dev-perl/HTTP-Body/
commit: 9003f7860b3ff27978a89f237c6a407c54ba71d8
Author: Andreas K. Hüttel gentoo org>
AuthorDate: Tue Feb 23 15:10:30 2016 +
Commit: Andreas Hüttel gentoo org>
CommitDate: Thu Feb 25 04:14:16 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9003f786
dev-perl/HTTP-Body: Remove old
Package-Manager: portage-2.2.27
dev-perl/HTTP-Body/HTTP-Body-1.190.0.ebuild | 33 -
dev-perl/HTTP-Body/Manifest | 1 -
2 files changed, 34 deletions(-)
diff --git a/dev-perl/HTTP-Body/HTTP-Body-1.190.0.ebuild
b/dev-perl/HTTP-Body/HTTP-Body-1.190.0.ebuild
deleted file mode 100644
index f74816b..000
--- a/dev-perl/HTTP-Body/HTTP-Body-1.190.0.ebuild
+++ /dev/null
@@ -1,33 +0,0 @@
-# Copyright 1999-2014 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-
-MODULE_AUTHOR=GETTY
-MODULE_VERSION=1.19
-inherit perl-module
-
-DESCRIPTION="HTTP Body Parser"
-
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-IUSE="test"
-
-RDEPEND="
- virtual/perl-Carp
- virtual/perl-Digest-MD5
- >=virtual/perl-File-Temp-0.140.0
- dev-perl/libwww-perl
- >=virtual/perl-IO-1.140.0
-"
-DEPEND="${RDEPEND}
- test? (
- dev-perl/Test-Deep
- >=virtual/perl-Test-Simple-0.860.0
- )
-"
-
-PATCHES=( "${FILESDIR}/${P}-CVE-2013-4407.patch" )
-
-SRC_TEST=do
diff --git a/dev-perl/HTTP-Body/Manifest b/dev-perl/HTTP-Body/Manifest
index 41d35be..b0c2f2d 100644
--- a/dev-perl/HTTP-Body/Manifest
+++ b/dev-perl/HTTP-Body/Manifest
@@ -1,2 +1 @@
-DIST HTTP-Body-1.19.tar.gz 24189 SHA256
01506ac3a19ac96083e0aa3881378fb934bf466e7dca4b9fc1dcbc0fa49e102a SHA512
c2ef3ba34eaebfe8f16329f5735c467cb8b8cd8611104fb6a84a55eccfa06daf1fece49056a111f8d652dd1df4f1bad5c7e1c54f767fda4d150ba6f787c79a16
WHIRLPOOL
fc74c6cc67d18254d250d8530ca3c3dfe6c3520d625f8020fa687aadb1f29c15feaf55690dcddd01b8dfbbf9893bf0feded005cc9960b3ef4264d3a6bf903eb1
DIST HTTP-Body-1.22.tar.gz 26163 SHA256
fc0d2c585b3bd1532d92609965d589e0c87cd380e7cca42fb9ad0a1311227297 SHA512
62665989d76699a3c3747d8f4e23d2009488bc229220bcf6fc07fc425e6ac5118f6ea48c75af681c2f29e9ed644d7a7979368cc36df77aca0544786b523c9cfe
WHIRLPOOL
f796dda283d26448d2147b36d9883366ea4b21ce31b30f79d90d66e5b5387e983298252e67d329e60ef0daa8b1c27bde031a8b324b21f62b9640bc6b46c22426
