[perl-CGI-Simple/f13/master] 1.113 + CVE-2010-4411 patch

Tom Callaway spot at fedoraproject.org
Fri Jan 21 16:33:57 UTC 2011


commit f3564af77daf211629a6a1eeac4c638a9a104035
Author: Tom "spot" Callaway <tcallawa at redhat.com>
Date:   Fri Jan 21 11:34:45 2011 -0500

    1.113 + CVE-2010-4411 patch

 perl-CGI-Simple-CVE-2010-4411.patch |   12 ++++++++++++
 perl-CGI-Simple.spec                |   13 ++++++++-----
 sources                             |    2 +-
 3 files changed, 21 insertions(+), 6 deletions(-)
---
diff --git a/perl-CGI-Simple-CVE-2010-4411.patch b/perl-CGI-Simple-CVE-2010-4411.patch
new file mode 100644
index 0000000..953c1ce
--- /dev/null
+++ b/perl-CGI-Simple-CVE-2010-4411.patch
@@ -0,0 +1,12 @@
+diff -up CGI-Simple-1.113/lib/CGI/Simple.pm.BAD CGI-Simple-1.113/lib/CGI/Simple.pm
+--- CGI-Simple-1.113/lib/CGI/Simple.pm.BAD	2011-01-21 11:29:26.906996002 -0500
++++ CGI-Simple-1.113/lib/CGI/Simple.pm	2011-01-21 11:29:39.805996001 -0500
+@@ -1007,7 +1007,7 @@ sub header {
+       $header =~ s/$CRLF(\s)/$1/g;
+ 
+       # All other uses of newlines are invalid input.
+-      if ( $header =~ m/$CRLF/ ) {
++      if ($header =~ m/$CRLF|\015|\012/) {
+         # shorten very long values in the diagnostic
+         $header = substr( $header, 0, 72 ) . '...'
+          if ( length $header > 72 );
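Review bot: The tightened test on the added line `if ($header =~ m/$CRLF|\015|\012/) {` has no comment saying why a lone CR or LF is now refused, and the comment above it still speaks only of "newlines". Because `\s` in the unfolding substitution on the preceding line also matches CR and LF, a value can still hold a bare line terminator after unfolding, which a `$CRLF`-only test would presumably not match if `$CRLF` is the two-character pair. I would add `# Reject bare CR and LF too: some clients and proxies treat either one as ending a header line.` above the test, and, if `$CRLF` is always a CR/LF pair (its definition is outside the hunk), write the match as `m/[\015\012]/`. A regression test that passes a header value containing only `\012` would pin the behaviour. `sub header` and the `if` block both continue outside the hunk.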
diff --git a/perl-CGI-Simple.spec b/perl-CGI-Simple.spec
index cc9748a..1ff24a8 100644
--- a/perl-CGI-Simple.spec
+++ b/perl-CGI-Simple.spec
@@ -1,13 +1,13 @@
 Name:           perl-CGI-Simple
-Version:        1.112
-Release:        2%{?dist}
+Version:        1.113
+Release:        1%{?dist}
 Summary:        Simple totally OO CGI interface that is CGI.pm compliant
 Group:          Development/Libraries
 License:        GPL+ or Artistic
 URL:            http://search.cpan.org/dist/CGI-Simple/
 Source0:        http://search.cpan.org/CPAN/authors/id/A/AN/ANDYA/CGI-Simple-%{version}.tar.gz
-# https://github.com/AndyA/CGI--Simple/commit/e4942b871a26c1317a175a91ebb7262eea59b380
-Patch0:		perl-CGI-Simple-boundary-fix.patch
+# https://github.com/markstos/CGI--Simple/commit/e811ab874a5e0ac8a99e76b645a0e537d8f714da
+Patch0:		perl-CGI-Simple-CVE-2010-4411.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildArch:      noarch
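Review bot: Replacing `Patch0: perl-CGI-Simple-boundary-fix.patch` with the CVE-2010-4411 patch drops the boundary randomization fix (bz 658973) from the build, and nothing in the spec records why. The new %changelog entry mentions only the update and the additional patch, so a later reader cannot tell whether the fix was removed on purpose. If 1.113 does carry that fix upstream, which the page does not show, I would add a changelog line such as `- Drop boundary-fix patch (bz 658973), merged upstream` and otherwise keep the old patch as `Patch1`.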
@@ -19,7 +19,7 @@ Requires:  perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
 
 %prep
 %setup -q -n CGI-Simple-%{version}
-%patch0 -p1 -b .boundary-fix
+%patch0 -p1 -b .CVE-2010-4411
 chmod -x Changes README
 perldoc -t perlartistic > Artistic
 perldoc -t perlgpl > COPYING
@@ -50,6 +50,9 @@ rm -rf $RPM_BUILD_ROOT
 
 
 %changelog
+* Fri Jan 21 2011 Tom Callaway <spot at fedoraproject.org> - 1.113-1
+- Update to 1.113, apply additional patch to fully resolve CVE-2010-4411
+
 * Wed Dec  1 2010 Tom "spot" Callaway <tcallawa at redhat.com> - 1.112-2
 - patch for randomizing boundary (bz 658973)
 
diff --git a/sources b/sources
index cbff1fd..4b0be10 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-6a59dd252317b94fffe0aa3fdae206c7  CGI-Simple-1.112.tar.gz
+50c50dbec87b822e3f2285e41cb23519  CGI-Simple-1.113.tar.gz


