diff --git a/www/p5-CGI-Simple/Makefile b/www/p5-CGI-Simple/Makefile index 445d8c24dc7..524739b70f6 100644 --- a/www/p5-CGI-Simple/Makefile +++ b/www/p5-CGI-Simple/Makefile @@ -1,17 +1,15 @@ -# $OpenBSD: Makefile,v 1.19 2015/11/05 19:08:59 jca Exp $ +# $OpenBSD: Makefile,v 1.20 2015/11/26 14:07:31 benoit Exp $ -COMMENT= drop-in object-oriented CGI.pm replacement +COMMENT = drop-in object-oriented CGI.pm replacement -MODULES= cpan -DISTNAME= CGI-Simple-1.112 -REVISION= 2 -CATEGORIES= www +MODULES = cpan +DISTNAME = CGI-Simple-1.115 +CATEGORIES = www # Perl -PERMIT_PACKAGE_CDROM= Yes +PERMIT_PACKAGE_CDROM = Yes -CONFIGURE_STYLE=modbuild -RUN_DEPENDS= devel/p5-IO-stringy -TEST_DEPENDS= www/p5-libwww +RUN_DEPENDS = devel/p5-IO-stringy +TEST_DEPENDS = www/p5-libwww .include diff --git a/www/p5-CGI-Simple/distinfo b/www/p5-CGI-Simple/distinfo index c36e3c50453..308c4810240 100644 --- a/www/p5-CGI-Simple/distinfo +++ b/www/p5-CGI-Simple/distinfo @@ -1,2 +1,2 @@ -SHA256 (CGI-Simple-1.112.tar.gz) = UGqWlmZG2eTyuJ375rIgT3XCIZSh4la4+fin7tnPVVI= -SIZE (CGI-Simple-1.112.tar.gz) = 100173 +SHA256 (CGI-Simple-1.115.tar.gz) = T4c7ydBVr7eyE2hLW8ItMFpFb0PGUTd9PySXF2pYfto= +SIZE (CGI-Simple-1.115.tar.gz) = 85165 diff --git a/www/p5-CGI-Simple/patches/patch-lib_CGI_Simple_pm b/www/p5-CGI-Simple/patches/patch-lib_CGI_Simple_pm deleted file mode 100644 index 39bd7a1a4ba..00000000000 --- a/www/p5-CGI-Simple/patches/patch-lib_CGI_Simple_pm +++ /dev/null @@ -1,23 +0,0 @@ -$OpenBSD: patch-lib_CGI_Simple_pm,v 1.1 2010/12/06 07:59:34 jasper Exp $ - -Fix for SA42443, "multipart_init()" HTTP Header Injection Vulnerability -From: https://github.com/AndyA/CGI--Simple/commit/e4942b871a26c1317a175a91ebb7262eea59b380 - ---- lib/CGI/Simple.pm.orig Sun May 31 12:43:05 2009 -+++ lib/CGI/Simple.pm Mon Dec 6 08:56:55 2010 -@@ -1105,7 +1105,14 @@ sub multipart_init { - my ( $self, @p ) = @_; - use CGI::Simple::Util qw(rearrange); - my ( $boundary, @other ) = rearrange( ['BOUNDARY'], @p ); -- $boundary = $boundary || '------- =_aaaaaaaaaa0'; -+ if ( !$boundary ) { -+ $boundary = '------- =_'; -+ my @chrs = ( '0' .. '9', 'A' .. 'Z', 'a' .. 'z' ); -+ for ( 1 .. 17 ) { -+ $boundary .= $chrs[ rand( scalar @chrs ) ]; -+ } -+ } -+ - my $CRLF = $self->crlf; # get CRLF sequence - my $warning - = "WARNING: YOUR BROWSER DOESN'T SUPPORT THIS SERVER-PUSH TECHNOLOGY."; diff --git a/www/p5-CGI-Simple/patches/patch-t_050_simple_t b/www/p5-CGI-Simple/patches/patch-t_050_simple_t deleted file mode 100644 index ab7abf9f1f8..00000000000 --- a/www/p5-CGI-Simple/patches/patch-t_050_simple_t +++ /dev/null @@ -1,21 +0,0 @@ -$OpenBSD: patch-t_050_simple_t,v 1.1 2010/12/06 07:59:34 jasper Exp $ - -Fix for SA42443, "multipart_init()" HTTP Header Injection Vulnerability -From: https://github.com/AndyA/CGI--Simple/commit/e4942b871a26c1317a175a91ebb7262eea59b380 - ---- t/050.simple.t.orig Mon Dec 6 08:55:29 2010 -+++ t/050.simple.t Mon Dec 6 08:55:35 2010 -@@ -945,10 +945,11 @@ $q = new CGI::Simple; - $sv = $q->multipart_init(); - like( - $sv, -- qr|Content-Type: multipart/x-mixed-replace;boundary="------- =_aaaaaaaaaa0"|, -+ qr|Content-Type: multipart/x-mixed-replace;boundary="------- =_[a-zA-Z0-9]{17}"|, - 'multipart_init(), 1' - ); --like( $sv, qr/--------- =_aaaaaaaaaa0$CRLF/, 'multipart_init(), 2' ); -+like( $sv, qr/--------- =_[a-zA-Z0-9]{17}$CRLF/, -+ 'multipart_init(), 2' ); - $sv = $q->multipart_init( 'this_is_the_boundary' ); - like( $sv, qr/boundary="this_is_the_boundary"/, 'multipart_init(), 3' ); - $sv = $q->multipart_init( -boundary => 'this_is_another_boundary' ); diff --git a/www/p5-CGI-Simple/patches/patch-t_070_standard_t b/www/p5-CGI-Simple/patches/patch-t_070_standard_t deleted file mode 100644 index 457fd7a5ee1..00000000000 --- a/www/p5-CGI-Simple/patches/patch-t_070_standard_t +++ /dev/null @@ -1,22 +0,0 @@ -$OpenBSD: patch-t_070_standard_t,v 1.1 2010/12/06 07:59:34 jasper Exp $ - -Fix for SA42443, "multipart_init()" HTTP Header Injection Vulnerability -From: https://github.com/AndyA/CGI--Simple/commit/e4942b871a26c1317a175a91ebb7262eea59b380 - ---- t/070.standard.t.orig Mon Dec 6 08:55:45 2010 -+++ t/070.standard.t Mon Dec 6 08:55:48 2010 -@@ -953,10 +953,12 @@ restore_parameters(); - $sv = multipart_init(); - like( - $sv, -- qr|Content-Type: multipart/x-mixed-replace;boundary="------- =_aaaaaaaaaa0"|, -+ qr|Content-Type: multipart/x-mixed-replace;boundary="------- =_[a-zA-Z0-9]{17}"|, - 'multipart_init(), 1' - ); --like( $sv, qr/--------- =_aaaaaaaaaa0$CRLF/, 'multipart_init(), 2' ); -+ -+like( $sv, qr/--------- =_[a-zA-Z0-9]{17}$CRLF/, -+ 'multipart_init(), 2' ); - $sv = multipart_init( 'this_is_the_boundary' ); - like( $sv, qr/boundary="this_is_the_boundary"/, 'multipart_init(), 3' ); - $sv = multipart_init( -boundary => 'this_is_another_boundary' );