commit b117c2f23600335f6e75c11b0bda363f8b7e9fd1
Author: Yanko Kaneti <yaneti@xxxxxxxxxxx>
Date: Sun Apr 17 12:12:47 2011 +0300
Security bugfix attempt
perl-Mojolicious-security-bug697230.patch | 43 +++++++++++++++++++++++++++++
perl-Mojolicious.spec | 7 ++++-
2 files changed, 49 insertions(+), 1 deletions(-)
---
diff --git a/perl-Mojolicious-security-bug697230.patch b/perl-Mojolicious-security-bug697230.patch
new file mode 100644
index 0000000..b22b028
--- /dev/null
+++ b/perl-Mojolicious-security-bug697230.patch
@@ -0,0 +1,43 @@
+diff -ur Mojolicious-0.999929/lib/Mojo/Path.pm Mojolicious-0.999929.path/lib/Mojo/Path.pm
+--- Mojolicious-0.999929/lib/Mojo/Path.pm 2010-08-12 16:30:58.000000000 +0300
++++ Mojolicious-0.999929.path/lib/Mojo/Path.pm 2011-04-17 11:40:04.293565379 +0300
+@@ -83,6 +83,9 @@
+ $self->leading_slash(1) if $path =~ /^\//;
+ $self->trailing_slash(1) if $path =~ /\/$/;
+
++ # Unescape
++ $path = b($path)->url_unescape($Mojo::URL::PCHAR)->to_string;
++
+ # Parse
+ my @parts;
+ for my $part (split '/', $path) {
+diff -ur Mojolicious-0.999929/t/mojo/url.t Mojolicious-0.999929.path/t/mojo/url.t
+--- Mojolicious-0.999929/t/mojo/url.t 2010-08-12 16:41:54.000000000 +0300
++++ Mojolicious-0.999929.path/t/mojo/url.t 2011-04-17 12:07:06.039565530 +0300
+@@ -125,12 +125,12 @@
+ is($url->userinfo, undef, 'no userinfo');
+ is($url->host, 'acme.s3.amazonaws.com', 'right host');
+ is($url->port, undef, 'no port');
+-is($url->path, '/mojo%2Fg++-4.2_4.2.3-2ubuntu7_i386.deb', 'right path');
++is($url->path, '/mojo/g++-4.2_4.2.3-2ubuntu7_i386.deb', 'right path');
+ ok(!$url->query, 'no query');
+ is_deeply($url->query->to_hash, {}, 'right structure');
+ is($url->fragment, undef, 'no fragment');
+ is("$url",
+- 'http://acme.s3.amazonaws.com/mojo%2Fg++-4.2_4.2.3-2ubuntu7_i386.deb',
++ 'http://acme.s3.amazonaws.com/mojo/g++-4.2_4.2.3-2ubuntu7_i386.deb',
+ 'right format');
+
+ # Clone (advanced)
+diff -ur Mojolicious-0.999929/t/mojox/routes/routes.t Mojolicious-0.999929.path/t/mojox/routes/routes.t
+--- Mojolicious-0.999929/t/mojox/routes/routes.t 2010-08-12 16:43:50.000000000 +0300
++++ Mojolicious-0.999929.path/t/mojox/routes/routes.t 2011-04-17 12:06:16.197565530 +0300
+@@ -357,7 +357,7 @@
+ $m = MojoX::Routes::Match->new($tx)->match($r);
+ is($m->stack->[0]->{controller}, 'wild', 'right value');
+ is($m->stack->[0]->{action}, 'card', 'right value');
+-is($m->stack->[0]->{wildcard}, 'http://www.google.com', 'right value');
++is($m->stack->[0]->{wildcard}, 'http:/www.google.com', 'right value');
+ is($m->url_for, '/wildcards/1/http:/www.google.com', 'right URL');
+ is(@{$m->stack}, 1, 'right number of elements');
+
diff --git a/perl-Mojolicious.spec b/perl-Mojolicious.spec
index 28e0474..6ef4906 100644
--- a/perl-Mojolicious.spec
+++ b/perl-Mojolicious.spec
@@ -1,11 +1,12 @@
 Name: perl-Mojolicious
 Version: 0.999929
-Release: 1%{?dist}
+Release: 2%{?dist}
 Summary: A next generation web framework for Perl
 License: Artistic 2.0
 Group: Development/Libraries
 URL: http://mojolicious.org/
 Source0: http://www.cpan.org/authors/id/K/KR/KRAIH/Mojolicious-%{version}.tar.gz
+Patch0: perl-Mojolicious-security-bug697230.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildArch: noarch
 BuildRequires: perl >= 0:5.008007
@@ -25,6 +26,7 @@ a new attempt at implementing this idea using state of the art technology.
 %prep
 %setup -q -n Mojolicious-%{version}
+%patch0 -p1 -b .bug697230
 %build
 %{__perl} Makefile.PL INSTALLDIRS=vendor
@@ -56,6 +58,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man3/*
 %changelog
+* Sun Apr 17 2011 Yanko Kaneti <yaneti@xxxxxxxxxxx> 0.999929-2
+- Security bugfix attempt.
+
 * Mon Aug 20 2010 Yanko Kaneti <yaneti@xxxxxxxxxxx> 0.999929-1
 - Latest upstream release.
 http://search.cpan.org/src/KRAIH/Mojolicious-0.999929/Changes
-- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/perl-devel
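Review bot: In the nested lib/Mojo/Path.pm hunk the new `url_unescape` call sits after the `leading_slash`/`trailing_slash` checks, so both flags are still derived from the escaped string and a path whose first or last separator arrives as `%2F` is split on it by `split '/', $path` but not flagged. Decoding first keeps the two views consistent: move `$path = b($path)->url_unescape($Mojo::URL::PCHAR)->to_string;` above `$self->leading_slash(1) if $path =~ /^\//;`. The `for my $part` loop continues outside the hunk, so how it treats the resulting empty parts, and how the flags are used when the path is serialised, should be confirmed there. The url.t and routes.t hunks only adjust existing expectations; a dedicated regression case for bug 697230, for example `is(Mojo::Path->new->parse('/a%2Fb')->to_string, '/a/b', 'encoded slash is a separator');`, would pin the intended behaviour. The changed routes.t expectation also shows that wildcard captures containing `//` now come back collapsed to `http:/www.google.com`, which is a visible behaviour change for applications and worth stating in the %changelog entry.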