[perl-CGI-Simple/el6/master] patch for randomizing boundary (bz 658973)

Tom Callaway spot at fedoraproject.org
Wed Dec 1 18:49:48 UTC 2010 

commit 0ff51c089bc94036a6cb71237c0ac8e5c39c0662
Author: Tom "spot" Callaway <tcallawa at redhat.com>
Date:   Wed Dec 1 13:50:12 2010 -0500

    patch for randomizing boundary (bz 658973)

 perl-CGI-Simple-boundary-fix.patch |   54 ++++++++++++++++++++++++++++++++++++
 perl-CGI-Simple.spec               |    9 +++++-
 2 files changed, 62 insertions(+), 1 deletions(-)
---
diff --git a/perl-CGI-Simple-boundary-fix.patch b/perl-CGI-Simple-boundary-fix.patch
new file mode 100644
index 0000000..4b1f8db
--- /dev/null
+++ b/perl-CGI-Simple-boundary-fix.patch
@@ -0,0 +1,54 @@
+diff -up CGI-Simple-1.112/lib/CGI/Simple.pm.boundary-fix CGI-Simple-1.112/lib/CGI/Simple.pm
+--- CGI-Simple-1.112/lib/CGI/Simple.pm.boundary-fix	2009-05-31 06:43:05.000000000 -0400
++++ CGI-Simple-1.112/lib/CGI/Simple.pm	2010-12-01 13:25:51.647803001 -0500
+@@ -1105,7 +1105,14 @@ sub multipart_init {
+   my ( $self, @p ) = @_;
+   use CGI::Simple::Util qw(rearrange);
+   my ( $boundary, @other ) = rearrange( ['BOUNDARY'], @p );
+-  $boundary = $boundary || '------- =_aaaaaaaaaa0';
++  if (!$boundary) {
++      $boundary = '------- =_';
++      my @chrs = ('0'..'9', 'A'..'Z', 'a'..'z');
++      for (1..17) {
++          $boundary .= $chrs[rand(scalar @chrs)];
++      }
++  }
++
+   my $CRLF = $self->crlf;    # get CRLF sequence
+   my $warning
+    = "WARNING: YOUR BROWSER DOESN'T SUPPORT THIS SERVER-PUSH TECHNOLOGY.";
+diff -up CGI-Simple-1.112/t/050.simple.t.boundary-fix CGI-Simple-1.112/t/050.simple.t
+--- CGI-Simple-1.112/t/050.simple.t.boundary-fix	2010-12-01 13:46:01.565803000 -0500
++++ CGI-Simple-1.112/t/050.simple.t	2010-12-01 13:46:30.965803001 -0500
+@@ -945,10 +945,11 @@ $q = new CGI::Simple;
+ $sv = $q->multipart_init();
+ like(
+   $sv,
+-  qr|Content-Type: multipart/x-mixed-replace;boundary="------- =_aaaaaaaaaa0"|,
++  qr|Content-Type: multipart/x-mixed-replace;boundary="------- =_[a-zA-Z0-9]{17}"|,
+   'multipart_init(), 1'
+ );
+-like( $sv, qr/--------- =_aaaaaaaaaa0$CRLF/, 'multipart_init(), 2' );
++like( $sv, qr/--------- =_[a-zA-Z0-9]{17}$CRLF/,
++  'multipart_init(), 2' );
+ $sv = $q->multipart_init( 'this_is_the_boundary' );
+ like( $sv, qr/boundary="this_is_the_boundary"/, 'multipart_init(), 3' );
+ $sv = $q->multipart_init( -boundary => 'this_is_another_boundary' );
+diff -up CGI-Simple-1.112/t/070.standard.t.boundary-fix CGI-Simple-1.112/t/070.standard.t
+--- CGI-Simple-1.112/t/070.standard.t.boundary-fix	2010-12-01 13:46:46.365803003 -0500
++++ CGI-Simple-1.112/t/070.standard.t	2010-12-01 13:47:20.993803003 -0500
+@@ -953,10 +953,12 @@ restore_parameters();
+ $sv = multipart_init();
+ like(
+   $sv,
+-  qr|Content-Type: multipart/x-mixed-replace;boundary="------- =_aaaaaaaaaa0"|,
++  qr|Content-Type: multipart/x-mixed-replace;boundary="------- =_[a-zA-Z0-9]{17}"|,
+   'multipart_init(), 1'
+ );
+-like( $sv, qr/--------- =_aaaaaaaaaa0$CRLF/, 'multipart_init(), 2' );
++
++like( $sv, qr/--------- =_[a-zA-Z0-9]{17}$CRLF/,
++  'multipart_init(), 2' );
+ $sv = multipart_init( 'this_is_the_boundary' );
+ like( $sv, qr/boundary="this_is_the_boundary"/, 'multipart_init(), 3' );
+ $sv = multipart_init( -boundary => 'this_is_another_boundary' );
diff --git a/perl-CGI-Simple.spec b/perl-CGI-Simple.spec
index 4f0baa7..cc9748a 100644
--- a/perl-CGI-Simple.spec
+++ b/perl-CGI-Simple.spec
@@ -1,11 +1,13 @@
 Name:           perl-CGI-Simple
 Version:        1.112
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        Simple totally OO CGI interface that is CGI.pm compliant
 Group:          Development/Libraries
 License:        GPL+ or Artistic
 URL:            http://search.cpan.org/dist/CGI-Simple/
 Source0:        http://search.cpan.org/CPAN/authors/id/A/AN/ANDYA/CGI-Simple-%{version}.tar.gz
+# https://github.com/AndyA/CGI--Simple/commit/e4942b871a26c1317a175a91ebb7262eea59b380
+Patch0:		perl-CGI-Simple-boundary-fix.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildArch:      noarch
@@ -17,10 +19,12 @@ Requires:  perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
 
 %prep
 %setup -q -n CGI-Simple-%{version}
+%patch0 -p1 -b .boundary-fix
 chmod -x Changes README
 perldoc -t perlartistic > Artistic
 perldoc -t perlgpl > COPYING
 
+
 %build
 %{__perl} Makefile.PL INSTALLDIRS=vendor
 make 
@@ -46,6 +50,9 @@ rm -rf $RPM_BUILD_ROOT
 
 
 %changelog
+* Wed Dec  1 2010 Tom "spot" Callaway <tcallawa at redhat.com> - 1.112-2
+- patch for randomizing boundary (bz 658973)
+
 * Mon Jul 12 2010 Tom "spot" Callaway <tcallawa at redhat.com> - 1.112-1
 - update to 1.112

More information about the scm-commits mailing list