diff options
| author | V3n3RiX <venerix@redcorelinux.org> | 2017-10-09 18:53:29 +0100 |
|---|---|---|
| committer | V3n3RiX <venerix@redcorelinux.org> | 2017-10-09 18:53:29 +0100 |
| commit | 4f2d7949f03e1c198bc888f2d05f421d35c57e21 (patch) | |
| tree | ba5f07bf3f9d22d82e54a462313f5d244036c768 /dev-perl/HTTP-Body | |
reinit the tree, so we can have metadata
Diffstat (limited to 'dev-perl/HTTP-Body')
| -rw-r--r-- | dev-perl/HTTP-Body/HTTP-Body-1.220.0.ebuild | 44 | ||||
| -rw-r--r-- | dev-perl/HTTP-Body/Manifest | 6 | ||||
| -rw-r--r-- | dev-perl/HTTP-Body/files/HTTP-Body-1.190.0-CVE-2013-4407.patch | 31 | ||||
| -rw-r--r-- | dev-perl/HTTP-Body/metadata.xml | 17 |
4 files changed, 98 insertions, 0 deletions
diff --git a/dev-perl/HTTP-Body/HTTP-Body-1.220.0.ebuild b/dev-perl/HTTP-Body/HTTP-Body-1.220.0.ebuild new file mode 100644 index 000000000000..4fe48c7cffd6 --- /dev/null +++ b/dev-perl/HTTP-Body/HTTP-Body-1.220.0.ebuild @@ -0,0 +1,44 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 + +MODULE_AUTHOR=GETTY +MODULE_VERSION=1.22 +inherit perl-module + +DESCRIPTION="HTTP Body Parser" + +SLOT="0" +KEYWORDS="~alpha amd64 ~ia64 ~ppc ~ppc64 ~sparc ~x86" +IUSE="test" + +# HTTP::Headers -> HTTP-Message +# HTTP::Request::Common -> HTTP-Message +# IO::File -> IO +RDEPEND=" + virtual/perl-Carp + virtual/perl-Digest-MD5 + >=virtual/perl-File-Temp-0.140.0 + dev-perl/HTTP-Message + >=virtual/perl-IO-1.140.0 +" +DEPEND="${RDEPEND} + virtual/perl-ExtUtils-MakeMaker + test? ( + virtual/perl-Encode + virtual/perl-File-Spec + >=virtual/perl-File-Temp-0.140.0 + dev-perl/HTTP-Message + dev-perl/Test-Deep + >=virtual/perl-Test-Simple-0.860.0 + ) +" +PERL_RM_FILES=( + t/02pod.t + t/03podcoverage.t + t/04critic.t +) +PATCHES=( "${FILESDIR}/${PN}-1.190.0-CVE-2013-4407.patch" ) + +SRC_TEST=do diff --git a/dev-perl/HTTP-Body/Manifest b/dev-perl/HTTP-Body/Manifest new file mode 100644 index 000000000000..81b86aa9282a --- /dev/null +++ b/dev-perl/HTTP-Body/Manifest @@ -0,0 +1,6 @@ +AUX HTTP-Body-1.190.0-CVE-2013-4407.patch 1288 SHA256 0f4d23e73fee771155a97883ef58e9045bff5a35715949452445812c862f16c3 SHA512 9e2988eb26b54588d314c9ea7511dfcb1c4d91cac60fda7db5f3c41ebf72d6b16cb1e3983817d63ea28b413f82489c3e69f332daab0ff049349ec97b4498bfae WHIRLPOOL 4ee9cb74310c8a9cc1de94fdcd1135bfa29b0d7ce7caec6491a128d8e8daa3bf3983d85947a377849cc8a350c82f5c952c598c2fe030d75dea03e2e2985a0bd7 +DIST HTTP-Body-1.22.tar.gz 26163 SHA256 fc0d2c585b3bd1532d92609965d589e0c87cd380e7cca42fb9ad0a1311227297 SHA512 62665989d76699a3c3747d8f4e23d2009488bc229220bcf6fc07fc425e6ac5118f6ea48c75af681c2f29e9ed644d7a7979368cc36df77aca0544786b523c9cfe WHIRLPOOL f796dda283d26448d2147b36d9883366ea4b21ce31b30f79d90d66e5b5387e983298252e67d329e60ef0daa8b1c27bde031a8b324b21f62b9640bc6b46c22426 +EBUILD HTTP-Body-1.220.0.ebuild 879 SHA256 3f267666fff9529eaceed43e7c6d0059faaceecf07b186078ac5869f65dbe188 SHA512 75fcddaa49753cdc68bf61e51fbf65b1d2bb6dec25b67c3253c76ad2cb763cfaeb7e70928a8e623b00636a9651158ca8b25c414fa347c6dea1b52b02ce8dedaf WHIRLPOOL 9a3f513be995dc4bcc5b42fad3e61037983fc16df86d41bfecb0f928c93273b8c982abce06fbf2c642bf10f07aac88ead22d79e6e7256826ab0d2dde4ecc2b94 +MISC ChangeLog 2680 SHA256 ea8da063ffec6902357cba7f134467bba0f2bb9fbd9ce30f051855538e659e10 SHA512 a38bd55fb740f6567cc1f87ded46556d8d9a77e6b1c8215de9ff0abfb2736de91edf06e9aae95fc4a4488d515e548f4f788058562be6e86b91e041986af5f255 WHIRLPOOL abf656cfb4f57087753acb73d75d72ccbfd55d8a3ded31d73c2c1b160624d896c9b37724c70f3632291ef9c727aa8c507b05c8144b348318e96f5556a926e953 +MISC ChangeLog-2015 2855 SHA256 5c57a3cdfd0ccf352da6340c077fa45649abd9b1ace05f1128761327e1a0b17c SHA512 9c7c0feca8c87ca197f4cd8be668da5f26a25e8ec559a6d3b793479a8c63d2eb7ad03e4fd1b96dd3d07e44d5d9e73d9b371474cb0528292b2faf2db975b69efe WHIRLPOOL ea7ae1ee2649f742962aa1b5959c3947f1ac4d87affd580fa88336f18be7b5e66142a55bb817d893ea0ef30605a6ad304e773298e542929e4643d52eeefdbde7 +MISC metadata.xml 736 SHA256 60bb1c57e1d7d26a2f09d35a58668cf8fb19fefcadcc81e38d5c197bfb828585 SHA512 3bc205adb892305068cfd7fd3c78ab4cf65628155277dc64951b07352ccf70c43ed22454ff3ea722f90e212306886d7ae3c89d12a3ae9e8e14f35d9674533450 WHIRLPOOL 355159124ec415ba0f50edd6c9593ce3b2ba7599b35c942e5073267a75bc38c165b7f63579ba6ca5070b5cf99c65a15b297150f5b6c3afe1dd3b63b549c20211 diff --git a/dev-perl/HTTP-Body/files/HTTP-Body-1.190.0-CVE-2013-4407.patch b/dev-perl/HTTP-Body/files/HTTP-Body-1.190.0-CVE-2013-4407.patch new file mode 100644 index 000000000000..292cac3aa6f4 --- /dev/null +++ b/dev-perl/HTTP-Body/files/HTTP-Body-1.190.0-CVE-2013-4407.patch @@ -0,0 +1,31 @@ +Description: Allow only word characters in filename suffixes + CVE-2013-4407: Allow only word characters in filename suffixes. An + attacker able to upload files to a service that uses + HTTP::Body::Multipart could use this issue to upload a file and create + a specifically-crafted temporary filename on the server, that when + processed without further validation, could allow execution of commands + on the server. +Origin: vendor +Bug: https://rt.cpan.org/Ticket/Display.html?id=88342 +Bug-Debian: http://bugs.debian.org/721634 +Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1005669 +Forwarded: no +Author: Salvatore Bonaccorso <carnil@debian.org> +Last-Update: 2013-10-21 + +Updated by Andreas K. Huettel <dilfridge@gentoo.org> for HTTP-Body-1.19 + +diff -ruN HTTP-Body-1.19.orig/lib/HTTP/Body/MultiPart.pm HTTP-Body-1.19/lib/HTTP/Body/MultiPart.pm +--- HTTP-Body-1.19.orig/lib/HTTP/Body/MultiPart.pm 2013-12-06 16:07:25.000000000 +0100 ++++ HTTP-Body-1.19/lib/HTTP/Body/MultiPart.pm 2014-11-30 23:17:19.652051615 +0100 +@@ -258,8 +258,8 @@ + + =cut + +-our $basename_regexp = qr/[^.]+(\.[^\\\/]+)$/; +-#our $basename_regexp = qr/(\.\w+(?:\.\w+)*)$/; ++#our $basename_regexp = qr/[^.]+(\.[^\\\/]+)$/; ++our $basename_regexp = qr/(\.\w+(?:\.\w+)*)$/; + + sub handler { + my ( $self, $part ) = @_; diff --git a/dev-perl/HTTP-Body/metadata.xml b/dev-perl/HTTP-Body/metadata.xml new file mode 100644 index 000000000000..482b462e2598 --- /dev/null +++ b/dev-perl/HTTP-Body/metadata.xml @@ -0,0 +1,17 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="project"> + <email>perl@gentoo.org</email> + <name>Gentoo Perl Project</name> + </maintainer> + <upstream> + <remote-id type="cpan">HTTP-Body</remote-id> + <remote-id type="cpan-module">HTTP::Body</remote-id> + <remote-id type="cpan-module">HTTP::Body::MultiPart</remote-id> + <remote-id type="cpan-module">HTTP::Body::OctetStream</remote-id> + <remote-id type="cpan-module">HTTP::Body::UrlEncoded</remote-id> + <remote-id type="cpan-module">HTTP::Body::XForms</remote-id> + <remote-id type="cpan-module">HTTP::Body::XFormsMultipart</remote-id> + </upstream> +</pkgmetadata> |