diff options
| author |   Robin H. Johnson <robbat2@gentoo.org> | 2015-08-08 13:49:04 -0700 |
|---|---|---|
| committer | Robin H. Johnson <robbat2@gentoo.org> | 2015-08-08 17:38:18 -0700 |
| commit | 56bd759df1d0c750a065b8c845e93d5dfa6b549d (patch) | |
| tree | 3f91093cdb475e565ae857f1c5a7fd339e2d781e /dev-perl/HTTP-Body | |
| download | gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.gz gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.bz2 gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.zip | |
proj/gentoo: Initial commit
This commit represents a new era for Gentoo:
Storing the gentoo-x86 tree in Git, as converted from CVS.
This commit is the start of the NEW history.
Any historical data is intended to be grafted onto this point.
Creation process:
1. Take final CVS checkout snapshot
2. Remove ALL ChangeLog* files
3. Transform all Manifests to thin
4. Remove empty Manifests
5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$
5.1. Do not touch files with -kb/-ko keyword flags.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
X-Thanks: Alec Warner <antarus@gentoo.org> - did the GSoC 2006 migration tests
X-Thanks: Robin H. Johnson <robbat2@gentoo.org> - infra guy, herding this project
X-Thanks: Nguyen Thai Ngoc Duy <pclouds@gentoo.org> - Former Gentoo developer, wrote Git features for the migration
X-Thanks: Brian Harring <ferringb@gentoo.org> - wrote much python to improve cvs2svn
X-Thanks: Rich Freeman <rich0@gentoo.org> - validation scripts
X-Thanks: Patrick Lauer <patrick@gentoo.org> - Gentoo dev, running new 2014 work in migration
X-Thanks: Michał Górny <mgorny@gentoo.org> - scripts, QA, nagging
X-Thanks: All of other Gentoo developers - many ideas and lots of paint on the bikeshed
Diffstat (limited to 'dev-perl/HTTP-Body')
| -rw-r--r-- | dev-perl/HTTP-Body/HTTP-Body-1.190.0.ebuild | 33 | ||||
| -rw-r--r-- | dev-perl/HTTP-Body/HTTP-Body-1.220.0.ebuild | 45 | ||||
| -rw-r--r-- | dev-perl/HTTP-Body/Manifest | 2 | ||||
| -rw-r--r-- | dev-perl/HTTP-Body/files/HTTP-Body-1.190.0-CVE-2013-4407.patch | 31 | ||||
| -rw-r--r-- | dev-perl/HTTP-Body/metadata.xml | 14 |
5 files changed, 125 insertions, 0 deletions
diff --git a/dev-perl/HTTP-Body/HTTP-Body-1.190.0.ebuild b/dev-perl/HTTP-Body/HTTP-Body-1.190.0.ebuild new file mode 100644 index 000000000000..f74816b3cfc5 --- /dev/null +++ b/dev-perl/HTTP-Body/HTTP-Body-1.190.0.ebuild @@ -0,0 +1,33 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +MODULE_AUTHOR=GETTY +MODULE_VERSION=1.19 +inherit perl-module + +DESCRIPTION="HTTP Body Parser" + +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="test" + +RDEPEND=" + virtual/perl-Carp + virtual/perl-Digest-MD5 + >=virtual/perl-File-Temp-0.140.0 + dev-perl/libwww-perl + >=virtual/perl-IO-1.140.0 +" +DEPEND="${RDEPEND} + test? ( + dev-perl/Test-Deep + >=virtual/perl-Test-Simple-0.860.0 + ) +" + +PATCHES=( "${FILESDIR}/${P}-CVE-2013-4407.patch" ) + +SRC_TEST=do diff --git a/dev-perl/HTTP-Body/HTTP-Body-1.220.0.ebuild b/dev-perl/HTTP-Body/HTTP-Body-1.220.0.ebuild new file mode 100644 index 000000000000..7daa181c0d84 --- /dev/null +++ b/dev-perl/HTTP-Body/HTTP-Body-1.220.0.ebuild @@ -0,0 +1,45 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +MODULE_AUTHOR=GETTY +MODULE_VERSION=1.22 +inherit perl-module + +DESCRIPTION="HTTP Body Parser" + +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="test" + +# HTTP::Headers -> HTTP-Message +# HTTP::Request::Common -> HTTP-Message +# IO::File -> IO +RDEPEND=" + virtual/perl-Carp + virtual/perl-Digest-MD5 + >=virtual/perl-File-Temp-0.140.0 + dev-perl/HTTP-Message + >=virtual/perl-IO-1.140.0 +" +DEPEND="${RDEPEND} + virtual/perl-ExtUtils-MakeMaker + test? ( + virtual/perl-Encode + virtual/perl-File-Spec + >=virtual/perl-File-Temp-0.140.0 + dev-perl/HTTP-Message + dev-perl/Test-Deep + >=virtual/perl-Test-Simple-0.860.0 + ) +" +PERL_RM_FILES=( + t/02pod.t + t/03podcoverage.t + t/04critic.t +) +PATCHES=( "${FILESDIR}/${PN}-1.190.0-CVE-2013-4407.patch" ) + +SRC_TEST=do diff --git a/dev-perl/HTTP-Body/Manifest b/dev-perl/HTTP-Body/Manifest new file mode 100644 index 000000000000..41d35bea381f --- /dev/null +++ b/dev-perl/HTTP-Body/Manifest @@ -0,0 +1,2 @@ +DIST HTTP-Body-1.19.tar.gz 24189 SHA256 01506ac3a19ac96083e0aa3881378fb934bf466e7dca4b9fc1dcbc0fa49e102a SHA512 c2ef3ba34eaebfe8f16329f5735c467cb8b8cd8611104fb6a84a55eccfa06daf1fece49056a111f8d652dd1df4f1bad5c7e1c54f767fda4d150ba6f787c79a16 WHIRLPOOL fc74c6cc67d18254d250d8530ca3c3dfe6c3520d625f8020fa687aadb1f29c15feaf55690dcddd01b8dfbbf9893bf0feded005cc9960b3ef4264d3a6bf903eb1 +DIST HTTP-Body-1.22.tar.gz 26163 SHA256 fc0d2c585b3bd1532d92609965d589e0c87cd380e7cca42fb9ad0a1311227297 SHA512 62665989d76699a3c3747d8f4e23d2009488bc229220bcf6fc07fc425e6ac5118f6ea48c75af681c2f29e9ed644d7a7979368cc36df77aca0544786b523c9cfe WHIRLPOOL f796dda283d26448d2147b36d9883366ea4b21ce31b30f79d90d66e5b5387e983298252e67d329e60ef0daa8b1c27bde031a8b324b21f62b9640bc6b46c22426 diff --git a/dev-perl/HTTP-Body/files/HTTP-Body-1.190.0-CVE-2013-4407.patch b/dev-perl/HTTP-Body/files/HTTP-Body-1.190.0-CVE-2013-4407.patch new file mode 100644 index 000000000000..292cac3aa6f4 --- /dev/null +++ b/dev-perl/HTTP-Body/files/HTTP-Body-1.190.0-CVE-2013-4407.patch @@ -0,0 +1,31 @@ +Description: Allow only word characters in filename suffixes + CVE-2013-4407: Allow only word characters in filename suffixes. An + attacker able to upload files to a service that uses + HTTP::Body::Multipart could use this issue to upload a file and create + a specifically-crafted temporary filename on the server, that when + processed without further validation, could allow execution of commands + on the server. +Origin: vendor +Bug: https://rt.cpan.org/Ticket/Display.html?id=88342 +Bug-Debian: http://bugs.debian.org/721634 +Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1005669 +Forwarded: no +Author: Salvatore Bonaccorso <carnil@debian.org> +Last-Update: 2013-10-21 + +Updated by Andreas K. Huettel <dilfridge@gentoo.org> for HTTP-Body-1.19 + +diff -ruN HTTP-Body-1.19.orig/lib/HTTP/Body/MultiPart.pm HTTP-Body-1.19/lib/HTTP/Body/MultiPart.pm +--- HTTP-Body-1.19.orig/lib/HTTP/Body/MultiPart.pm 2013-12-06 16:07:25.000000000 +0100 ++++ HTTP-Body-1.19/lib/HTTP/Body/MultiPart.pm 2014-11-30 23:17:19.652051615 +0100 +@@ -258,8 +258,8 @@ + + =cut + +-our $basename_regexp = qr/[^.]+(\.[^\\\/]+)$/; +-#our $basename_regexp = qr/(\.\w+(?:\.\w+)*)$/; ++#our $basename_regexp = qr/[^.]+(\.[^\\\/]+)$/; ++our $basename_regexp = qr/(\.\w+(?:\.\w+)*)$/; + + sub handler { + my ( $self, $part ) = @_; diff --git a/dev-perl/HTTP-Body/metadata.xml b/dev-perl/HTTP-Body/metadata.xml new file mode 100644 index 000000000000..d0ddb33a9b23 --- /dev/null +++ b/dev-perl/HTTP-Body/metadata.xml @@ -0,0 +1,14 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <herd>perl</herd> + <upstream> + <remote-id type="cpan">HTTP-Body</remote-id> + <remote-id type="cpan-module">HTTP::Body</remote-id> + <remote-id type="cpan-module">HTTP::Body::MultiPart</remote-id> + <remote-id type="cpan-module">HTTP::Body::OctetStream</remote-id> + <remote-id type="cpan-module">HTTP::Body::UrlEncoded</remote-id> + <remote-id type="cpan-module">HTTP::Body::XForms</remote-id> + <remote-id type="cpan-module">HTTP::Body::XFormsMultipart</remote-id> + </upstream> +</pkgmetadata> |