commit 0bffce3a1cd6625625c48ba932d586e10fd1517e Author: Tom "spot" Callaway <tcallawa@xxxxxxxxxx> Date: Wed Dec 1 13:50:30 2010 -0500 patch for randomizing boundary (bz 658973) perl-CGI-Simple-boundary-fix.patch | 54 ++++++++++++++++++++++++++++++++++++ perl-CGI-Simple.spec | 19 ++++++++++-- sources | 2 +- 3 files changed, 71 insertions(+), 4 deletions(-) --- diff --git a/perl-CGI-Simple-boundary-fix.patch b/perl-CGI-Simple-boundary-fix.patch new file mode 100644 index 0000000..4b1f8db --- /dev/null +++ b/perl-CGI-Simple-boundary-fix.patch @@ -0,0 +1,54 @@ +diff -up CGI-Simple-1.112/lib/CGI/Simple.pm.boundary-fix CGI-Simple-1.112/lib/CGI/Simple.pm +--- CGI-Simple-1.112/lib/CGI/Simple.pm.boundary-fix 2009-05-31 06:43:05.000000000 -0400 ++++ CGI-Simple-1.112/lib/CGI/Simple.pm 2010-12-01 13:25:51.647803001 -0500 +@@ -1105,7 +1105,14 @@ sub multipart_init { + my ( $self, @p ) = @_; + use CGI::Simple::Util qw(rearrange); + my ( $boundary, @other ) = rearrange( ['BOUNDARY'], @p ); +- $boundary = $boundary || '------- =_aaaaaaaaaa0'; ++ if (!$boundary) { ++ $boundary = '------- =_'; ++ my @chrs = ('0'..'9', 'A'..'Z', 'a'..'z'); ++ for (1..17) { ++ $boundary .= $chrs[rand(scalar @chrs)]; ++ } ++ } ++ + my $CRLF = $self->crlf; # get CRLF sequence + my $warning + = "WARNING: YOUR BROWSER DOESN'T SUPPORT THIS SERVER-PUSH TECHNOLOGY."; +diff -up CGI-Simple-1.112/t/050.simple.t.boundary-fix CGI-Simple-1.112/t/050.simple.t +--- CGI-Simple-1.112/t/050.simple.t.boundary-fix 2010-12-01 13:46:01.565803000 -0500 ++++ CGI-Simple-1.112/t/050.simple.t 2010-12-01 13:46:30.965803001 -0500 +@@ -945,10 +945,11 @@ $q = new CGI::Simple; + $sv = $q->multipart_init(); + like( + $sv, +- qr|Content-Type: multipart/x-mixed-replace;boundary="------- =_aaaaaaaaaa0"|, ++ qr|Content-Type: multipart/x-mixed-replace;boundary="------- =_[a-zA-Z0-9]{17}"|, + 'multipart_init(), 1' + ); +-like( $sv, qr/--------- =_aaaaaaaaaa0$CRLF/, 'multipart_init(), 2' ); ++like( $sv, qr/--------- =_[a-zA-Z0-9]{17}$CRLF/, ++ 'multipart_init(), 2' ); + $sv = $q->multipart_init( 'this_is_the_boundary' ); + like( $sv, qr/boundary="this_is_the_boundary"/, 'multipart_init(), 3' ); + $sv = $q->multipart_init( -boundary => 'this_is_another_boundary' ); +diff -up CGI-Simple-1.112/t/070.standard.t.boundary-fix CGI-Simple-1.112/t/070.standard.t +--- CGI-Simple-1.112/t/070.standard.t.boundary-fix 2010-12-01 13:46:46.365803003 -0500 ++++ CGI-Simple-1.112/t/070.standard.t 2010-12-01 13:47:20.993803003 -0500 +@@ -953,10 +953,12 @@ restore_parameters(); + $sv = multipart_init(); + like( + $sv, +- qr|Content-Type: multipart/x-mixed-replace;boundary="------- =_aaaaaaaaaa0"|, ++ qr|Content-Type: multipart/x-mixed-replace;boundary="------- =_[a-zA-Z0-9]{17}"|, + 'multipart_init(), 1' + ); +-like( $sv, qr/--------- =_aaaaaaaaaa0$CRLF/, 'multipart_init(), 2' ); ++ ++like( $sv, qr/--------- =_[a-zA-Z0-9]{17}$CRLF/, ++ 'multipart_init(), 2' ); + $sv = multipart_init( 'this_is_the_boundary' ); + like( $sv, qr/boundary="this_is_the_boundary"/, 'multipart_init(), 3' ); + $sv = multipart_init( -boundary => 'this_is_another_boundary' ); diff --git a/perl-CGI-Simple.spec b/perl-CGI-Simple.spec index 041dd3e..cc9748a 100644 --- a/perl-CGI-Simple.spec +++ b/perl-CGI-Simple.spec @@ -1,15 +1,17 @@ Name: perl-CGI-Simple -Version: 1.108 -Release: 3%{?dist} +Version: 1.112 +Release: 2%{?dist} Summary: Simple totally OO CGI interface that is CGI.pm compliant Group: Development/Libraries License: GPL+ or Artistic URL: http://search.cpan.org/dist/CGI-Simple/ Source0: http://search.cpan.org/CPAN/authors/id/A/AN/ANDYA/CGI-Simple-%{version}.tar.gz +# https://github.com/AndyA/CGI--Simple/commit/e4942b871a26c1317a175a91ebb7262eea59b380 +Patch0: perl-CGI-Simple-boundary-fix.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildArch: noarch -BuildRequires: perl(ExtUtils::MakeMaker), perl(Test::More) +BuildRequires: perl(ExtUtils::MakeMaker), perl(Test::More), perl(IO::Scalar) Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) %description @@ -17,10 +19,12 @@ Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) %prep %setup -q -n CGI-Simple-%{version} +%patch0 -p1 -b .boundary-fix chmod -x Changes README perldoc -t perlartistic > Artistic perldoc -t perlgpl > COPYING + %build %{__perl} Makefile.PL INSTALLDIRS=vendor make @@ -46,6 +50,15 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Wed Dec 1 2010 Tom "spot" Callaway <tcallawa@xxxxxxxxxx> - 1.112-2 +- patch for randomizing boundary (bz 658973) + +* Mon Jul 12 2010 Tom "spot" Callaway <tcallawa@xxxxxxxxxx> - 1.112-1 +- update to 1.112 + +* Fri Apr 30 2010 Marcela Maslanova <mmaslano@xxxxxxxxxx> - 1.108-4 +- Mass rebuild with perl-5.12.0 + * Mon Dec 7 2009 Stepan Kasal <skasal@xxxxxxxxxx> - 1.108-3 - rebuild against perl 5.10.1 diff --git a/sources b/sources index 8b43cb9..cbff1fd 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -00c79666c3763220c33e35f75e1bea8b CGI-Simple-1.108.tar.gz +6a59dd252317b94fffe0aa3fdae206c7 CGI-Simple-1.112.tar.gz -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/perl-devel