From 8db1cdf2d659f01955e39f5b59b99a01ac052b53 Mon Sep 17 00:00:00 2001
From: jasper
Date: Mon, 6 Dec 2010 07:59:34 +0000
Subject: [PATCH] - missed in previous: - SECURITY FIX for SA42443, "multipart_init()" HTTP Header Injection Vulnerability from upstream git.
---
.../patches/patch-lib_CGI_Simple_pm | 23 +++++++++++++++++++
.../patches/patch-t_050_simple_t | 21 +++++++++++++++++
.../patches/patch-t_070_standard_t | 22 ++++++++++++++++++
3 files changed, 66 insertions(+)
create mode 100644 www/p5-CGI-Simple/patches/patch-lib_CGI_Simple_pm
create mode 100644 www/p5-CGI-Simple/patches/patch-t_050_simple_t
create mode 100644 www/p5-CGI-Simple/patches/patch-t_070_standard_t
diff --git a/www/p5-CGI-Simple/patches/patch-lib_CGI_Simple_pm b/www/p5-CGI-Simple/patches/patch-lib_CGI_Simple_pm
new file mode 100644
index 00000000000..39bd7a1a4ba
--- /dev/null
+++ b/www/p5-CGI-Simple/patches/patch-lib_CGI_Simple_pm
@@ -0,0 +1,23 @@
+$OpenBSD: patch-lib_CGI_Simple_pm,v 1.1 2010/12/06 07:59:34 jasper Exp $
+
+Fix for SA42443, "multipart_init()" HTTP Header Injection Vulnerability
+From: https://github.com/AndyA/CGI--Simple/commit/e4942b871a26c1317a175a91ebb7262eea59b380
+
+--- lib/CGI/Simple.pm.orig Sun May 31 12:43:05 2009
++++ lib/CGI/Simple.pm Mon Dec 6 08:56:55 2010
+@@ -1105,7 +1105,14 @@ sub multipart_init {
+ my ( $self, @p ) = @_;
+ use CGI::Simple::Util qw(rearrange);
+ my ( $boundary, @other ) = rearrange( ['BOUNDARY'], @p );
+- $boundary = $boundary || '------- =_aaaaaaaaaa0';
++ if ( !$boundary ) {
++ $boundary = '------- =_';
++ my @chrs = ( '0' .. '9', 'A' .. 'Z', 'a' .. 'z' );
++ for ( 1 .. 17 ) {
++ $boundary .= $chrs[ rand( scalar @chrs ) ];
++ }
++ }
++
+ my $CRLF = $self->crlf; # get CRLF sequence
+ my $warning
+ = "WARNING: YOUR BROWSER DOESN'T SUPPORT THIS SERVER-PUSH TECHNOLOGY.";
diff --git a/www/p5-CGI-Simple/patches/patch-t_050_simple_t b/www/p5-CGI-Simple/patches/patch-t_050_simple_t
new file mode 100644
index 00000000000..ab7abf9f1f8
--- /dev/null
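Review bot: The default boundary built in `multipart_init` takes its 17 characters from Perl's built-in `rand()`, which is not a cryptographic generator, so the value is only as unpredictable as the process seed. In a pre-forking or persistent deployment where children inherit one seed they would probably produce the same boundary sequence, which undercuts the reason for dropping the fixed `------- =_aaaaaaaaaa0` string. Separately, `if ( !$boundary )` only fills in a missing value, so a caller-supplied boundary is still used as given; the tests show it lands inside `boundary="..."`, and a guard such as `die "invalid boundary" if $boundary =~ /[\r\n"]/;` before the header is assembled would close that path. The rest of the sub body is outside the hunk, so how the header string is built is not visible here.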
+++ b/www/p5-CGI-Simple/patches/patch-t_050_simple_t
@@ -0,0 +1,21 @@
+$OpenBSD: patch-t_050_simple_t,v 1.1 2010/12/06 07:59:34 jasper Exp $
+
+Fix for SA42443, "multipart_init()" HTTP Header Injection Vulnerability
+From: https://github.com/AndyA/CGI--Simple/commit/e4942b871a26c1317a175a91ebb7262eea59b380
+
+--- t/050.simple.t.orig Mon Dec 6 08:55:29 2010
++++ t/050.simple.t Mon Dec 6 08:55:35 2010
+@@ -945,10 +945,11 @@ $q = new CGI::Simple;
+ $sv = $q->multipart_init();
+ like(
+ $sv,
+- qr|Content-Type: multipart/x-mixed-replace;boundary="------- =_aaaaaaaaaa0"|,
++ qr|Content-Type: multipart/x-mixed-replace;boundary="------- =_[a-zA-Z0-9]{17}"|,
+ 'multipart_init(), 1'
+ );
+-like( $sv, qr/--------- =_aaaaaaaaaa0$CRLF/, 'multipart_init(), 2' );
++like( $sv, qr/--------- =_[a-zA-Z0-9]{17}$CRLF/,
++ 'multipart_init(), 2' );
+ $sv = $q->multipart_init( 'this_is_the_boundary' );
+ like( $sv, qr/boundary="this_is_the_boundary"/, 'multipart_init(), 3' );
+ $sv = $q->multipart_init( -boundary => 'this_is_another_boundary' );
diff --git a/www/p5-CGI-Simple/patches/patch-t_070_standard_t b/www/p5-CGI-Simple/patches/patch-t_070_standard_t
new file mode 100644
index 00000000000..457fd7a5ee1
--- /dev/null
+++ b/www/p5-CGI-Simple/patches/patch-t_070_standard_t
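Review bot: The updated assertions in `t/050.simple.t` check only the shape of the default boundary (`[a-zA-Z0-9]{17}`), so a generator that returned the same 17 characters on every call would still pass. A check that two calls differ would pin the property the fix is about, for example `isnt( $q->multipart_init(), $sv, 'multipart_init(), boundary varies' );` right after the second `like`; if the file declares a fixed test plan, the count would need bumping. The same gap applies to the matching hunk in `t/070.standard.t`. Neither file exercises a caller-supplied boundary that contains CR, LF or a double quote.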
@@ -0,0 +1,22 @@
+$OpenBSD: patch-t_070_standard_t,v 1.1 2010/12/06 07:59:34 jasper Exp $
+
+Fix for SA42443, "multipart_init()" HTTP Header Injection Vulnerability
+From: https://github.com/AndyA/CGI--Simple/commit/e4942b871a26c1317a175a91ebb7262eea59b380
+
+--- t/070.standard.t.orig Mon Dec 6 08:55:45 2010
++++ t/070.standard.t Mon Dec 6 08:55:48 2010
+@@ -953,10 +953,12 @@ restore_parameters();
+ $sv = multipart_init();
+ like(
+ $sv,
+- qr|Content-Type: multipart/x-mixed-replace;boundary="------- =_aaaaaaaaaa0"|,
++ qr|Content-Type: multipart/x-mixed-replace;boundary="------- =_[a-zA-Z0-9]{17}"|,
+ 'multipart_init(), 1'
+ );
+-like( $sv, qr/--------- =_aaaaaaaaaa0$CRLF/, 'multipart_init(), 2' );
++
++like( $sv, qr/--------- =_[a-zA-Z0-9]{17}$CRLF/,
++ 'multipart_init(), 2' );
+ $sv = multipart_init( 'this_is_the_boundary' );
+ like( $sv, qr/boundary="this_is_the_boundary"/, 'multipart_init(), 3' );
+ $sv = multipart_init( -boundary => 'this_is_another_boundary' );