1.3115 bump
This commit is contained in:
Jitka Plesnikova
parent
bc485e1676
commit
c045fc8353
|
|
@ -16,3 +16,4 @@
|
|||
/Dancer-1.3112.tar.gz
|
||||
/Dancer-1.3113.tar.gz
|
||||
/Dancer-1.3114.tar.gz
|
||||
/Dancer-1.3115.tar.gz
|
||||
|
|
|
|||
|
|
@ -1,59 +0,0 @@
|
|||
From d21a0983fa95ffea2b50ad5af84cc93f4ce5f4d2 Mon Sep 17 00:00:00 2001
|
||||
From: Colin Keith <colinmkeith@gmail.com>
|
||||
Date: Sat, 25 May 2013 00:46:53 -0400
|
||||
Subject: [PATCH 1/2] test and resolution for CVE-2012-5572, \r\n sequence
|
||||
being allowed in a cookie name fixes PerlDancer/Dancer#859
|
||||
|
||||
---
|
||||
t/12_response/11_CVE-2012-5572.t | 39 +++++++++++++++++++++++++++++++++++++++
|
||||
1 file changed, 39 insertions(+)
|
||||
create mode 100644 t/12_response/11_CVE-2012-5572.t
|
||||
|
||||
diff --git a/t/12_response/11_CVE-2012-5572.t b/t/12_response/11_CVE-2012-5572.t
|
||||
new file mode 100644
|
||||
index 0000000..2b6eacb
|
||||
--- /dev/null
|
||||
+++ b/t/12_response/11_CVE-2012-5572.t
|
||||
@@ -0,0 +1,39 @@
|
||||
+package main;
|
||||
+use strict;
|
||||
+use warnings;
|
||||
+use Test::More tests => 2, import => ['!pass'];
|
||||
+
|
||||
+{
|
||||
+ use Dancer;
|
||||
+ get '/CVE-2012-5572-cookie' => sub {
|
||||
+ cookie "test\r\nX-Evil-Header: " => "evil";
|
||||
+ };
|
||||
+}
|
||||
+
|
||||
+
|
||||
+use Dancer::Test;
|
||||
+{
|
||||
+ note "Testing CVE-2012-5572 (CRLF in response headers)";
|
||||
+ my $req = [GET => '/CVE-2012-5572-cookie'];
|
||||
+ route_exists $req;
|
||||
+ my $response = Dancer::Test::_req_to_response($req);
|
||||
+
|
||||
+ my $CRLF = "\r\n";
|
||||
+
|
||||
+ my $tb = Test::Builder->new;
|
||||
+ my %headers = @{$response->headers_to_array};
|
||||
+ my $foundCRLF = 0;
|
||||
+ while (my($name, $value) = each %headers) {
|
||||
+ index($value, $CRLF) == -1
|
||||
+ && index($name, $CRLF) == -1
|
||||
+ && next;
|
||||
+ $foundCRLF = 1;
|
||||
+ last;
|
||||
+ }
|
||||
+
|
||||
+ $tb->ok(!$foundCRLF, 'Headers do not contain CRLF (CVE-2012-5572)');
|
||||
+}
|
||||
+
|
||||
+
|
||||
+1;
|
||||
+
|
||||
--
|
||||
1.8.1.4
|
||||
|
||||
|
|
@ -1,13 +1,11 @@
|
|||
Name: perl-Dancer
|
||||
Version: 1.3114
|
||||
Version: 1.3115
|
||||
Release: 1%{?dist}
|
||||
Summary: Lightweight yet powerful web application framework
|
||||
License: GPL+ or Artistic
|
||||
Group: Development/Libraries
|
||||
URL: http://search.cpan.org/dist/Dancer/
|
||||
Source0: http://www.cpan.org/authors/id/Y/YA/YANICK/Dancer-%{version}.tar.gz
|
||||
# Bug #880330, test for CVE-2012-5572, GiHub #PerlDancer/Dancer/859
|
||||
Patch0: Dancer-1.3113-CVE-2012-5572-1.patch
|
||||
BuildArch: noarch
|
||||
BuildRequires: perl
|
||||
BuildRequires: perl(base)
|
||||
|
|
@ -94,7 +92,6 @@ your code.
|
|||
|
||||
%prep
|
||||
%setup -q -n Dancer-%{version}
|
||||
%patch0 -p1
|
||||
|
||||
%build
|
||||
perl Makefile.PL INSTALLDIRS=vendor
|
||||
|
|
@ -116,6 +113,9 @@ make test
|
|||
%{_mandir}/man3/*
|
||||
|
||||
%changelog
|
||||
* Mon Jun 10 2013 Jitka Plesnikova <jplesnik@redhat.com> - 1.3115-1
|
||||
- 1.3115 bump
|
||||
|
||||
* Tue Jun 04 2013 Petr Pisar <ppisar@redhat.com> - 1.3114-1
|
||||
- 1.3114 bump
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue