author | V3n3RiX <venerix@redcorelinux.org> | 2018-07-14 21:03:06 +0100 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2018-07-14 21:03:06 +0100 |
commit | 8376ef56580626e9c0f796d5b85b53a0a1c7d5f5 (patch) | |
tree | 7681bbd4e8b05407772df40a4bf04cbbc8afc3fa /dev-perl/HTTP-Body | |
parent | 30a9caf154332f12ca60756e1b75d2f0e3e1822d (diff) |
gentoo resync : 14.07.2018
Diffstat (limited to 'dev-perl/HTTP-Body')
-rw-r--r-- | dev-perl/HTTP-Body/HTTP-Body-1.220.0.ebuild | 44 | ||||
-rw-r--r-- | dev-perl/HTTP-Body/Manifest | 4 | ||||
-rw-r--r-- | dev-perl/HTTP-Body/files/HTTP-Body-1.190.0-CVE-2013-4407.patch | 31 | ||||
-rw-r--r-- | dev-perl/HTTP-Body/metadata.xml | 17 |
4 files changed, 96 insertions, 0 deletions
diff --git a/dev-perl/HTTP-Body/HTTP-Body-1.220.0.ebuild b/dev-perl/HTTP-Body/HTTP-Body-1.220.0.ebuild
new file mode 100644
index 000000000000..483c210c6bee
--- /dev/null
+++ b/dev-perl/HTTP-Body/HTTP-Body-1.220.0.ebuild
@@ -0,0 +1,44 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+
+MODULE_AUTHOR=GETTY
+MODULE_VERSION=1.22
+inherit perl-module
+
+DESCRIPTION="HTTP Body Parser"
+
+SLOT="0"
+KEYWORDS="~alpha amd64 ~ia64 ~ppc ~ppc64 ~sparc x86"
+IUSE="test"
+
+# HTTP::Headers -> HTTP-Message
+# HTTP::Request::Common -> HTTP-Message
+# IO::File -> IO
+RDEPEND="
+ virtual/perl-Carp
+ virtual/perl-Digest-MD5
+ >=virtual/perl-File-Temp-0.140.0
+ dev-perl/HTTP-Message
+ >=virtual/perl-IO-1.140.0
+"
+DEPEND="${RDEPEND}
+ virtual/perl-ExtUtils-MakeMaker
+ test? (
+ virtual/perl-Encode
+ virtual/perl-File-Spec
+ >=virtual/perl-File-Temp-0.140.0
+ dev-perl/HTTP-Message
+ dev-perl/Test-Deep
+ >=virtual/perl-Test-Simple-0.860.0
+ )
+"
+PERL_RM_FILES=(
+ t/02pod.t
+ t/03podcoverage.t
+ t/04critic.t
+)
+PATCHES=( "${FILESDIR}/${PN}-1.190.0-CVE-2013-4407.patch" )
+
+SRC_TEST=do
diff --git a/dev-perl/HTTP-Body/Manifest b/dev-perl/HTTP-Body/Manifest
new file mode 100644
index 000000000000..d8c38577dde0
--- /dev/null
+++ b/dev-perl/HTTP-Body/Manifest
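Review bot: The `PATCHES=( "${FILESDIR}/${PN}-1.190.0-CVE-2013-4407.patch" )` line near the end of the ebuild carries a security fix, yet nothing in the ebuild says what it protects or when it may be dropped. The patch header added in this same commit is marked `Forwarded: no` and says it was updated for HTTP-Body-1.19, while this ebuild builds 1.22, so it presumably has to be re-verified on each version bump. A line above the array such as `# CVE-2013-4407: restrict upload temp-file suffixes to word characters; re-check against upstream on every bump` would make that explicit.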
@@ -0,0 +1,4 @@
+AUX HTTP-Body-1.190.0-CVE-2013-4407.patch 1288 BLAKE2B 776bf905aae20f57c89b443bd19860d2165d9df9061470dd2e789a4554a9950488127a42dc096a4e22d6866b2219ac7dc6b847c0ec551c947c09c6a1b8651b3f SHA512 9e2988eb26b54588d314c9ea7511dfcb1c4d91cac60fda7db5f3c41ebf72d6b16cb1e3983817d63ea28b413f82489c3e69f332daab0ff049349ec97b4498bfae
+DIST HTTP-Body-1.22.tar.gz 26163 BLAKE2B c6b2cf67fd9964fe253251dd91a67b11563c3cb157ad670733254acb3d44fcede97dcfb84d09ed52bc9f8cc60275838abd8f110aa01aed3bb18400bcc108b255 SHA512 62665989d76699a3c3747d8f4e23d2009488bc229220bcf6fc07fc425e6ac5118f6ea48c75af681c2f29e9ed644d7a7979368cc36df77aca0544786b523c9cfe
+EBUILD HTTP-Body-1.220.0.ebuild 878 BLAKE2B 4da3fa4e04a67692e09693d832b2027f8a233857756bb71ebdd81d55b5225e06638a2f7a03f6b450c26cbe73046e5494b9ca6ffcc839122db822dec30fc12507 SHA512 a627a38c26bb1a86c88a56136ed4602614df3050ef9d9c6b7622c977eea945424c9e374c40f9b687d62dedd86a9e819b16c85445e1dc83aac256e628de9dabbd
+MISC metadata.xml 736 BLAKE2B c5cc316719b0ae7cc9705f52b543df8f15a7e9518ec950d525ed38acfaed9becacebfaa3bc3e011fcec6a1a06792a8bcde56d24f1e922b03f35d714d6f94154f SHA512 3bc205adb892305068cfd7fd3c78ab4cf65628155277dc64951b07352ccf70c43ed22454ff3ea722f90e212306886d7ae3c89d12a3ae9e8e14f35d9674533450
diff --git a/dev-perl/HTTP-Body/files/HTTP-Body-1.190.0-CVE-2013-4407.patch b/dev-perl/HTTP-Body/files/HTTP-Body-1.190.0-CVE-2013-4407.patch
new file mode 100644
index 000000000000..292cac3aa6f4
--- /dev/null
+++ b/dev-perl/HTTP-Body/files/HTTP-Body-1.190.0-CVE-2013-4407.patch
@@ -0,0 +1,31 @@
+Description: Allow only word characters in filename suffixes
+ CVE-2013-4407: Allow only word characters in filename suffixes. An
+ attacker able to upload files to a service that uses
+ HTTP::Body::Multipart could use this issue to upload a file and create
+ a specifically-crafted temporary filename on the server, that when
+ processed without further validation, could allow execution of commands
+ on the server.
+Origin: vendor
+Bug: https://rt.cpan.org/Ticket/Display.html?id=88342
+Bug-Debian: http://bugs.debian.org/721634
+Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1005669
+Forwarded: no
+Author: Salvatore Bonaccorso <carnil@debian.org>
+Last-Update: 2013-10-21
+
+Updated by Andreas K. Huettel <dilfridge@gentoo.org> for HTTP-Body-1.19
+
+diff -ruN HTTP-Body-1.19.orig/lib/HTTP/Body/MultiPart.pm HTTP-Body-1.19/lib/HTTP/Body/MultiPart.pm
+--- HTTP-Body-1.19.orig/lib/HTTP/Body/MultiPart.pm 2013-12-06 16:07:25.000000000 +0100
++++ HTTP-Body-1.19/lib/HTTP/Body/MultiPart.pm 2014-11-30 23:17:19.652051615 +0100
+@@ -258,8 +258,8 @@
+
+ =cut
+
+-our $basename_regexp = qr/[^.]+(\.[^\\\/]+)$/;
+-#our $basename_regexp = qr/(\.\w+(?:\.\w+)*)$/;
++#our $basename_regexp = qr/[^.]+(\.[^\\\/]+)$/;
++our $basename_regexp = qr/(\.\w+(?:\.\w+)*)$/;
+
+ sub handler {
+ my ( $self, $part ) = @_;
diff --git a/dev-perl/HTTP-Body/metadata.xml b/dev-perl/HTTP-Body/metadata.xml
new file mode 100644
index 000000000000..482b462e2598
--- /dev/null
+++ b/dev-perl/HTTP-Body/metadata.xml
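Review bot: The previous permissive pattern stays in MultiPart.pm as a commented-out `#our $basename_regexp = qr/[^.]+(\.[^\\\/]+)$/;` with nothing explaining why it was retired, which makes it easy to restore by accident. Replacing that line with a comment such as `# Suffix comes from the uploaded filename: word characters only (CVE-2013-4407)` would record the reason next to the active pattern. `$basename_regexp` also remains an `our` package variable, so code that assigns its own pattern bypasses the restriction; that is worth stating in the POD that ends just above the changed lines. `sub handler` continues outside the hunk, so how the captured suffix is used is not visible here.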
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="project">
+ <email>perl@gentoo.org</email>
+ <name>Gentoo Perl Project</name>
+ </maintainer>
+ <upstream>
+ <remote-id type="cpan">HTTP-Body</remote-id>
+ <remote-id type="cpan-module">HTTP::Body</remote-id>
+ <remote-id type="cpan-module">HTTP::Body::MultiPart</remote-id>
+ <remote-id type="cpan-module">HTTP::Body::OctetStream</remote-id>
+ <remote-id type="cpan-module">HTTP::Body::UrlEncoded</remote-id>
+ <remote-id type="cpan-module">HTTP::Body::XForms</remote-id>
+ <remote-id type="cpan-module">HTTP::Body::XFormsMultipart</remote-id>
+ </upstream>
+</pkgmetadata> |