[perl-HTTP-Tiny/f20] Unescape any basic authentication stanza

Petr Pisar ppisar at fedoraproject.org
Tue Nov 19 15:12:05 UTC 2013 

commit 054f1f2f51d5d19cfd4c7b17beed1559d7bd379e
Author: Petr Písař <ppisar at redhat.com>
Date:   Tue Nov 19 15:58:39 2013 +0100

    Unescape any basic authentication stanza

 ...-unescape-any-basic-authentication-stanza.patch |   82 ++++++++++++++++++++
 perl-HTTP-Tiny.spec                                |    8 ++-
 2 files changed, 89 insertions(+), 1 deletions(-)
---
diff --git a/HTTP-Tiny-0.034-unescape-any-basic-authentication-stanza.patch b/HTTP-Tiny-0.034-unescape-any-basic-authentication-stanza.patch
new file mode 100644
index 0000000..bec33f5
--- /dev/null
+++ b/HTTP-Tiny-0.034-unescape-any-basic-authentication-stanza.patch
@@ -0,0 +1,82 @@
+From 00821c1f1a9635ff38c43fff9728e0e650c398a7 Mon Sep 17 00:00:00 2001
+From: David Golden <dagolden at cpan.org>
+Date: Mon, 28 Oct 2013 13:23:35 -0400
+Subject: [PATCH] unescape any basic authentication stanza
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Petr Pisar: Ported to 0.034.
+
+Signed-off-by: Petr Písař <ppisar at redhat.com>
+---
+ MANIFEST            |  1 +
+ lib/HTTP/Tiny.pm    |  7 +++++++
+ t/cases/auth-04.txt | 18 ++++++++++++++++++
+ 3 files changed, 26 insertions(+)
+ create mode 100644 t/cases/auth-04.txt
+
+diff --git a/MANIFEST b/MANIFEST
+index a3b599d..5b046cc 100644
+--- a/MANIFEST
++++ b/MANIFEST
+@@ -46,6 +46,7 @@ t/Util.pm
+ t/cases/auth-01.txt
+ t/cases/auth-02.txt
+ t/cases/auth-03.txt
++t/cases/auth-04.txt
+ t/cases/cookies-01.txt
+ t/cases/cookies-02.txt
+ t/cases/cookies-03.txt
+diff --git a/lib/HTTP/Tiny.pm b/lib/HTTP/Tiny.pm
+index 30ef26c..6a045f6 100644
+--- a/lib/HTTP/Tiny.pm
++++ b/lib/HTTP/Tiny.pm
+@@ -393,6 +393,8 @@ sub _split_url {
+     $authority = (length($authority)) ? $authority : 'localhost';
+     if ( $authority =~ /@/ ) {
+         ($auth,$host) = $authority =~ m/\A([^@]*)@(.*)\z/;   # user:pass at host
++        # userinfo might be percent escaped, so recover real auth info
++        $auth =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/eg;
+     }
+     else {
+         $host = $authority;
+@@ -1187,6 +1189,11 @@ redirected request.) For example:
+ 
+     $http->request('GET', 'http://Aladdin:open sesame at example.com/');
+ 
++If the "user:password" stanza contains reserved characters, they must
++be percent-escaped:
++
++    $http->request('GET', 'http://john%40example.com:password@example.com/');
++
+ A hashref of options may be appended to modify the request.
+ 
+ Valid options are:
+diff --git a/t/cases/auth-04.txt b/t/cases/auth-04.txt
+new file mode 100644
+index 0000000..2c832a0
+--- /dev/null
++++ b/t/cases/auth-04.txt
+@@ -0,0 +1,18 @@
++url
++  http://rjbs%40cpan.org:password@example.com/index.html
++expected
++  abcdefghijklmnopqrstuvwxyz1234567890abcdef
++----------
++GET /index.html HTTP/1.1
++Host: example.com
++Connection: close
++User-Agent: HTTP-Tiny/VERSION
++Authorization: Basic cmpic0BjcGFuLm9yZzpwYXNzd29yZA==
++
++----------
++HTTP/1.1 200 OK
++Date: Thu, 03 Feb 1994 00:00:00 GMT
++Content-Type: text/plain
++Content-Length: 42
++
++abcdefghijklmnopqrstuvwxyz1234567890abcdef
+-- 
+1.8.3.1
+
diff --git a/perl-HTTP-Tiny.spec b/perl-HTTP-Tiny.spec
index eb66166..4c8f8ea 100644
--- a/perl-HTTP-Tiny.spec
+++ b/perl-HTTP-Tiny.spec
@@ -1,11 +1,13 @@
 Name:           perl-HTTP-Tiny
 Version:        0.034
-Release:        3%{?dist}
+Release:        4%{?dist}
 Summary:        Small, simple, correct HTTP/1.1 client
 License:        GPL+ or Artistic
 Group:          Development/Libraries
 URL:            http://search.cpan.org/dist/HTTP-Tiny/
 Source0:        http://www.cpan.org/authors/id/D/DA/DAGOLDEN/HTTP-Tiny-%{version}.tar.gz
+# Bug #1032089, in upstream 0.037
+Patch0:         HTTP-Tiny-0.034-unescape-any-basic-authentication-stanza.patch
 BuildArch:      noarch
 BuildRequires:  perl
 BuildRequires:  perl(ExtUtils::MakeMaker) >= 6.30
@@ -52,6 +54,7 @@ resumes after EINTR.
 
 %prep
 %setup -q -n HTTP-Tiny-%{version}
+%patch0 -p1
 
 %build
 perl Makefile.PL INSTALLDIRS=vendor
@@ -71,6 +74,9 @@ make test
 %{_mandir}/man3/*
 
 %changelog
+* Tue Nov 19 2013 Petr Pisar <ppisar at redhat.com> - 0.034-4
+- Unescape any basic authentication stanza (bug #1032089)
+
 * Sat Aug 03 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.034-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild

More information about the scm-commits mailing list