commit b5e7f612c9c25e6a02955f77b6d6a4401cfff863
Author: Yanko Kaneti <yaneti@xxxxxxxxxxx>
Date: Tue May 3 20:37:22 2011 +0300
Blind attempt at CVE-2010-4803(#701718) and CVE-2011-1841
perl-Mojolicious-security-CVE-2010-4802.patch | 304 +++++++++++++++++++++++++
perl-Mojolicious-security-CVE-2011-1841.patch | 14 ++
perl-Mojolicious.spec | 10 +-
3 files changed, 327 insertions(+), 1 deletions(-)
---
diff --git a/perl-Mojolicious-security-CVE-2010-4802.patch b/perl-Mojolicious-security-CVE-2010-4802.patch
new file mode 100644
index 0000000..eefb7f9
--- /dev/null
+++ b/perl-Mojolicious-security-CVE-2010-4802.patch
@@ -0,0 +1,304 @@
+Only in Mojolicious-0.999925.hmac: Changes.orig
+Only in Mojolicious-0.999925.hmac: Changes.rej
+diff -ur Mojolicious-0.999925/lib/Mojo/ByteStream.pm Mojolicious-0.999925.hmac/lib/Mojo/ByteStream.pm
+--- Mojolicious-0.999925/lib/Mojo/ByteStream.pm 2010-06-03 21:53:02.000000000 +0300
++++ Mojolicious-0.999925.hmac/lib/Mojo/ByteStream.pm 2011-05-03 19:46:33.282802902 +0300
+@@ -24,6 +24,9 @@
+ use constant PUNYCODE_INITIAL_BIAS => 72;
+ use constant PUNYCODE_INITIAL_N => 128;
+
++# Core module since Perl 5.9.3
++use constant SHA1 => eval 'use Digest::SHA (); 1';
++
+ __PACKAGE__->attr(raw_size => 0);
+
+ # Punycode delimiter
+@@ -467,21 +470,9 @@
+ return $line;
+ }
+
+-sub hmac_md5_sum {
+- my ($self, $secret) = @_;
++sub hmac_md5_sum { shift->_hmac(\&_md5, @_) }
+
+- #Secret
+- $secret ||= 'Very unsecure!';
+- $secret = _md5_sum($secret) if length $secret > 64;
+-
+- # HMAC
+- my $ipad = $secret ^ (chr(0x36) x 64);
+- my $opad = $secret ^ (chr(0x5c) x 64);
+- $self->{bytestream} =
+- _md5_sum($opad . _md5_sum($ipad . $self->{bytestream}));
+-
+- return $self;
+-}
++sub hmac_sha1_sum { shift->_hmac(\&_sha1, @_) }
+
+ sub html_escape {
+ my $self = shift;
+@@ -521,7 +512,7 @@
+ sub md5_bytes {
+ my $self = shift;
+ utf8::encode $self->{bytestream} if utf8::is_utf8 $self->{bytestream};
+- $self->{bytestream} = Digest::MD5::md5($self->{bytestream});
++ $self->{bytestream} = _md5($self->{bytestream});
+ return $self;
+ }
+
+@@ -716,6 +707,24 @@
+ return substr $self->{bytestream}, 0, $length, $chunk;
+ }
+
++sub sha1_bytes {
++ my $self = shift;
++ utf8::encode $self->{bytestream} if utf8::is_utf8 $self->{bytestream};
++ $self->{bytestream} = _sha1($self->{bytestream});
++ return $self;
++}
++
++sub sha1_sum {
++ my $self = shift;
++ die <<'EOF' unless SHA1;
++Module "Digest::SHA" not present in this version of Perl.
++Please install it manually or upgrade Perl to at least version 5.10.
++EOF
++ utf8::encode $self->{bytestream} if utf8::is_utf8 $self->{bytestream};
++ $self->{bytestream} = Digest::SHA::sha1_hex($self->{bytestream});
++ return $self;
++}
++
+ sub size { length shift->{bytestream} }
+
+ sub to_string { shift->{bytestream} }
+@@ -800,8 +809,24 @@
+ / ($delta + PUNYCODE_SKEW));
+ }
+
+-# Helper for hmac_md5_sum
+-sub _md5_sum { Mojo::ByteStream->new(shift)->md5_sum->to_string }
++sub _hmac {
++ my ($self, $cb, $secret) = @_;
++
++ #Secret
++ $secret ||= 'Very unsecure!';
++ $secret = $cb->($secret) if length $secret > 64;
++
++ # HMAC
++ my $ipad = $secret ^ (chr(0x36) x 64);
++ my $opad = $secret ^ (chr(0x5c) x 64);
++ $self->{bytestream} = unpack 'H*',
++ $cb->($opad . $cb->($ipad . $self->{bytestream}));
++
++ return $self;
++}
++
++# Helper for md5_bytes
++sub _md5 { Digest::MD5::md5(shift) }
+
+ # Helper for url_sanitize
+ sub _sanitize {
+@@ -813,6 +838,15 @@
+ return '%' . uc $hex;
+ }
+
++# Helper for sha1_bytes
++sub _sha1 {
++ die <<'EOF' unless SHA1;
++Module "Digest::SHA" not present in this version of Perl.
++Please install it manually or upgrade Perl to at least version 5.10.
++EOF
++ Digest::SHA::sha1(shift);
++}
++
+ # Helper for html_unescape
+ sub _unescape {
+ my ($num, $entitie, $hex) = @_;
+@@ -850,6 +884,7 @@
+ $stream->encode('UTF-8');
+ $stream->decode('UTF-8');
+ $stream->hmac_md5_sum('secret');
++ $stream->hmac_sha1_sum('secret');
+ $stream->html_escape;
+ $stream->html_unescape;
+ $stream->md5_bytes;
+@@ -857,6 +892,8 @@
+ $stream->qp_encode;
+ $stream->qp_decode;
+ $stream->quote;
++ $stream->sha1_bytes;
++ $stream->sha1_sum;
+ $stream->unquote;
+ $stream->url_escape;
+ $stream->url_sanitize;
+@@ -994,6 +1031,13 @@
+
+ Turn bytestream into HMAC-MD5 checksum of old content.
+
++=head2 C<hmac_sha1_sum>
++
++ $stream = $stream->hmac_sha1_sum($secret);
++
++Turn bytestream into HMAC-SHA1 checksum of old content.
++Note that Perl 5.10 or L<Digest::SHA> are required for C<SHA1> support.
++
+ =head2 C<html_escape>
+
+ $stream = $stream->html_escape;
+@@ -1010,7 +1054,7 @@
+
+ $stream = $stream->md5_bytes;
+
+-Turn bytestream into 16 byte MD5 checksum of old content.
++Turn bytestream into binary MD5 checksum of old content.
+
+ =head2 C<md5_sum>
+
+@@ -1055,6 +1099,20 @@
+
+ Remove a specific number of bytes from bytestream.
+
++=head2 C<sha1_bytes>
++
++ $stream = $stream->sha1_bytes;
++
++Turn bytestream into binary SHA1 checksum of old content.
++Note that Perl 5.10 or L<Digest::SHA> are required for C<SHA1> support.
++
++=head2 C<sha1_sum>
++
++ $stream = $stream->sha1_sum;
++
++Turn bytestream into SHA1 checksum of old content.
++Note that Perl 5.10 or L<Digest::SHA> are required for C<SHA1> support.
++
+ =head2 C<size>
+
+ my $size = $stream->size;
+Only in Mojolicious-0.999925.hmac/lib/Mojo: ByteStream.pm.orig
+diff -ur Mojolicious-0.999925/t/mojo/bytestream.t Mojolicious-0.999925.hmac/t/mojo/bytestream.t
+--- Mojolicious-0.999925/t/mojo/bytestream.t 2010-06-03 22:00:13.000000000 +0300
++++ Mojolicious-0.999925.hmac/t/mojo/bytestream.t 2011-05-03 19:53:52.685802950 +0300
+@@ -10,7 +10,7 @@
+ # Homer, we're going to ask you a few simple yes or no questions.
+ # Do you understand?
+ # Yes. *lie dectector blows up*
+-use Test::More tests => 59;
++use Test::More tests => 72;
+
+ use_ok('Mojo::ByteStream', 'b');
+
+@@ -130,7 +130,7 @@
+ $stream = b('foo bar baz');
+ is( unpack('H*', $stream->md5_bytes),
+ "ab07acbb1e496801937adfa772424bf7",
+- 'right 16 byte md5 checksum'
++ 'right binary md5 checksum'
+ );
+
+ # md5_sum
+@@ -138,6 +138,20 @@
+ is($stream->md5_sum, 'ab07acbb1e496801937adfa772424bf7',
+ 'right md5 checksum');
+
++# sha1_bytes
++$stream = b('foo bar baz');
++is( unpack('H*', $stream->sha1_bytes),
++ "c7567e8b39e2428e38bf9c9226ac68de4c67dc39",
++ 'right binary sha1 checksum'
++);
++
++# sha1_sum
++$stream = b('foo bar baz');
++is( $stream->sha1_sum,
++ 'c7567e8b39e2428e38bf9c9226ac68de4c67dc39',
++ 'right sha1 checksum'
++);
++
+ # length
+ $stream = b('foo bar baz');
+ is($stream->size, 11, 'size is 11');
+@@ -147,20 +161,74 @@
+ is($stream->size, 1, 'size is 1');
+ is($stream->to_string, '0', 'right buffer content');
+
+-# hmac_md5_sum
+-is( b('some secret message')->hmac_md5_sum('secret'),
+- '5a7dcc4c407032ad10758abdda017f7b',
++# hmac_md5_sum (RFC2202)
++is( b("Hi There")->hmac_md5_sum(chr(0x0b) x 16),
++ '9294727a3638bb1c13f48ef8158bfc9d',
++ 'right hmac md5 checksum'
++);
++is( b("what do ya want for nothing?")->hmac_md5_sum("Jefe"),
++ '750c783e6ab0b503eaa86e310a5db738',
++ 'right hmac md5 checksum'
++);
++is( b(chr(0xdd) x 50)->hmac_md5_sum(chr(0xaa) x 16),
++ '56be34521d144c88dbb8c733f0e8b3f6',
++ 'right hmac md5 checksum'
++);
++is( b(chr(0xcd) x 50)->hmac_md5_sum(
++ pack 'H*' => '0102030405060708090a0b0c0d0e0f10111213141516171819'
++ ),
++ '697eaf0aca3a3aea3a75164746ffaa79',
++ 'right hmac md5 checksum'
++);
++is( b("Test With Truncation")->hmac_md5_sum(chr(0x0c) x 16),
++ '56461ef2342edc00f9bab995690efd4c',
+ 'right hmac md5 checksum'
+ );
+-is( b('some other message')->hmac_md5_sum('secret'),
+- '9ab78f427440259a33abb088d4400526',
++is( b("Test Using Larger Than Block-Size Key - Hash Key First")
++ ->hmac_md5_sum(chr(0xaa) x 80),
++ '6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd',
+ 'right hmac md5 checksum'
+ );
+-is( b('some secret message')->hmac_md5_sum('secret'),
+- '5a7dcc4c407032ad10758abdda017f7b',
++is( b( "Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data"
++ )->hmac_md5_sum(chr(0xaa) x 80),
++ '6f630fad67cda0ee1fb1f562db3aa53e',
+ 'right hmac md5 checksum'
+ );
+
++# hmac_sha1_sum (RFC2202)
++is( b("Hi There")->hmac_sha1_sum(chr(0x0b) x 20),
++ 'b617318655057264e28bc0b6fb378c8ef146be00',
++ 'right hmac sha1 checksum'
++);
++is( b("what do ya want for nothing?")->hmac_sha1_sum("Jefe"),
++ 'effcdf6ae5eb2fa2d27416d5f184df9c259a7c79',
++ 'right hmac sha1 checksum'
++);
++is( b(chr(0xdd) x 50)->hmac_sha1_sum(chr(0xaa) x 20),
++ '125d7342b9ac11cd91a39af48aa17b4f63f175d3',
++ 'right hmac sha1 checksum'
++);
++is( b(chr(0xcd) x 50)->hmac_sha1_sum(
++ pack 'H*' => '0102030405060708090a0b0c0d0e0f10111213141516171819'
++ ),
++ '4c9007f4026250c6bc8414f9bf50c86c2d7235da',
++ 'right hmac sha1 checksum'
++);
++is( b("Test With Truncation")->hmac_sha1_sum(chr(0x0c) x 20),
++ '4c1a03424b55e07fe7f27be1d58bb9324a9a5a04',
++ 'right hmac sha1 checksum'
++);
++is( b("Test Using Larger Than Block-Size Key - Hash Key First")
++ ->hmac_sha1_sum(chr(0xaa) x 80),
++ 'aa4ae5e15272d00e95705637ce8a3b55ed402112',
++ 'right hmac sha1 checksum'
++);
++is( b( "Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data"
++ )->hmac_sha1_sum(chr(0xaa) x 80),
++ 'e8e99d0f45237d786d6bbaa7965c7808bbff1a91',
++ 'right hmac sha1 checksum'
++);
++
+ # html_escape
+ $stream = b('foobar<baz>');
+ is($stream->html_escape, 'foobar<baz>', 'right html escaped result');
+Only in Mojolicious-0.999925.hmac/t/mojo: bytestream.t.orig
+Only in Mojolicious-0.999925.hmac/t/mojo: bytestream.t.rej
diff --git a/perl-Mojolicious-security-CVE-2011-1841.patch b/perl-Mojolicious-security-CVE-2011-1841.patch
new file mode 100644
index 0000000..38b8dcd
--- /dev/null
+++ b/perl-Mojolicious-security-CVE-2011-1841.patch
@@ -0,0 +1,14 @@
+Only in Mojolicious-0.999925.xss: Changes.orig
+Only in Mojolicious-0.999925.xss: Changes.rej
+diff -ur Mojolicious-0.999925/lib/Mojolicious/Plugin/TagHelpers.pm Mojolicious-0.999925.xss/lib/Mojolicious/Plugin/TagHelpers.pm
+--- Mojolicious-0.999925/lib/Mojolicious/Plugin/TagHelpers.pm 2010-05-25 19:21:45.000000000 +0300
++++ Mojolicious-0.999925.xss/lib/Mojolicious/Plugin/TagHelpers.pm 2011-05-03 20:18:35.768803106 +0300
+@@ -73,7 +73,7 @@
+ my $captures = ref $_[0] eq 'HASH' ? shift : {};
+
+ # Default content
+- push @_, sub { ucfirst $name }
++ push @_, sub { $name = Mojo::ByteStream->new($name)->xml_escape->to_string; ucfirst $name }
+ unless defined $_[-1] && ref $_[-1] eq 'CODE';
+
+ $self->_tag('a', href => $c->url_for($name, $captures), @_);
diff --git a/perl-Mojolicious.spec b/perl-Mojolicious.spec
index 82a81c1..e89e67b 100644
--- a/perl-Mojolicious.spec
+++ b/perl-Mojolicious.spec
@@ -1,18 +1,21 @@
Name: perl-Mojolicious
Version: 0.999925
-Release: 3%{?dist}
+Release: 4%{?dist}
Summary: A next generation web framework for Perl
License: Artistic 2.0
Group: Development/Libraries
URL: http://mojolicious.org/
Source0: http://www.cpan.org/authors/id/K/KR/KRAIH/Mojolicious-%{version}.tar.gz
Patch0: perl-Mojolicious-security-bug697230.patch
+Patch1: perl-Mojolicious-security-CVE-2010-4802.patch
+Patch2: perl-Mojolicious-security-CVE-2011-1841.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildArch: noarch
BuildRequires: perl >= 0:5.008007
BuildRequires: perl(ExtUtils::MakeMaker)
BuildRequires: perl(Test::Builder)
BuildRequires: perl(Test::Harness)
+BuildRequires: perl(Digest::SHA)
BuildRequires: perl(Test::More)
Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
@@ -27,6 +30,8 @@ a new attempt at implementing this idea using state of the art technology.
%prep
%setup -q -n Mojolicious-%{version}
%patch0 -p1 -b .bug697230
+%patch1 -p1 -b .CVE-2010-4802
+%patch2 -p1 -b .CVE-2011-1841
chmod -x lib/Mojo/CookieJar.pm
%build
@@ -61,6 +66,9 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man3/*
%changelog
+* Tue May 3 2011 Yanko Kaneti <yaneti@xxxxxxxxxxx> 0.999925-4
+- Blind attempt at CVE-2010-4803(#701718) and CVE-2011-1841.
+
* Sun Apr 17 2011 Yanko Kaneti <yaneti@xxxxxxxxxxx> 0.999925-3
- Security bugfix attempt.
--
Fedora Extras Perl SIG
http://www.fedoraproject.org/wiki/Extras/SIGs/Perl
perl-devel mailing list
perl-devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/perl-devel
