From c045fc83530101ae8ebab3bb2069bab52bab8d8e Mon Sep 17 00:00:00 2001
From: Jitka Plesnikova
Date: Mon, 10 Jun 2013 15:52:56 +0200
Subject: [PATCH] 1.3115 bump
---
 .gitignore | 1 +
 Dancer-1.3113-CVE-2012-5572-1.patch | 59 -----------------------------
 perl-Dancer.spec | 8 ++--
 sources | 2 +-
 4 files changed, 6 insertions(+), 64 deletions(-)
 delete mode 100644 Dancer-1.3113-CVE-2012-5572-1.patch
diff --git a/.gitignore b/.gitignore
index 7f9caee..c8b222f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -16,3 +16,4 @@
 /Dancer-1.3112.tar.gz
 /Dancer-1.3113.tar.gz
 /Dancer-1.3114.tar.gz
+/Dancer-1.3115.tar.gz
diff --git a/Dancer-1.3113-CVE-2012-5572-1.patch b/Dancer-1.3113-CVE-2012-5572-1.patch
deleted file mode 100644
index 23c3628..0000000
--- a/Dancer-1.3113-CVE-2012-5572-1.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From d21a0983fa95ffea2b50ad5af84cc93f4ce5f4d2 Mon Sep 17 00:00:00 2001
-From: Colin Keith
-Date: Sat, 25 May 2013 00:46:53 -0400
-Subject: [PATCH 1/2] test and resolution for CVE-2012-5572, \r\n sequence
- being allowed in a cookie name fixes PerlDancer/Dancer#859
-
----
- t/12_response/11_CVE-2012-5572.t | 39 +++++++++++++++++++++++++++++++++++++++
- 1 file changed, 39 insertions(+)
- create mode 100644 t/12_response/11_CVE-2012-5572.t
-
-diff --git a/t/12_response/11_CVE-2012-5572.t b/t/12_response/11_CVE-2012-5572.t
-new file mode 100644
-index 0000000..2b6eacb
---- /dev/null
-+++ b/t/12_response/11_CVE-2012-5572.t
-@@ -0,0 +1,39 @@
-+package main;
-+use strict;
-+use warnings;
-+use Test::More tests => 2, import => ['!pass'];
-+
-+{
-+ use Dancer;
-+ get '/CVE-2012-5572-cookie' => sub {
-+ cookie "test\r\nX-Evil-Header: " => "evil";
-+ };
-+}
-+
-+
-+use Dancer::Test;
-+{
-+ note "Testing CVE-2012-5572 (CRLF in response headers)";
-+ my $req = [GET => '/CVE-2012-5572-cookie'];
-+ route_exists $req;
-+ my $response = Dancer::Test::_req_to_response($req);
-+
-+ my $CRLF = "\r\n";
-+
-+ my $tb = Test::Builder->new;
-+ my %headers = @{$response->headers_to_array};
-+ my $foundCRLF = 0;
-+ while (my($name, $value) = each %headers) {
-+ index($value, $CRLF) == -1
-+ && index($name, $CRLF) == -1
-+ && next;
-+ $foundCRLF = 1;
-+ last;
-+ }
-+
-+ $tb->ok(!$foundCRLF, 'Headers do not contain CRLF (CVE-2012-5572)');
-+}
-+
-+
-+1;
-+
---
-1.8.1.4
-
diff --git a/perl-Dancer.spec b/perl-Dancer.spec
index 0c9d4f8..ececb43 100644
--- a/perl-Dancer.spec
+++ b/perl-Dancer.spec
@@ -1,13 +1,11 @@ Name: perl-Dancer -Version: 1.3114 +Version: 1.3115 Release: 1%{?dist} Summary: Lightweight yet powerful web application framework License: GPL+ or Artistic Group: Development/Libraries URL: http://search.cpan.org/dist/Dancer/ Source0: http://www.cpan.org/authors/id/Y/YA/YANICK/Dancer-%{version}.tar.gz -# Bug #880330, test for CVE-2012-5572, GiHub #PerlDancer/Dancer/859 -Patch0: Dancer-1.3113-CVE-2012-5572-1.patch BuildArch: noarch BuildRequires: perl BuildRequires: perl(base) @@ -94,7 +92,6 @@ your code. %prep %setup -q -n Dancer-%{version} -%patch0 -p1 %build perl Makefile.PL INSTALLDIRS=vendor @@ -116,6 +113,9 @@ make test %{_mandir}/man3/* %changelog +* Mon Jun 10 2013 Jitka Plesnikova - 1.3115-1 +- 1.3115 bump + * Tue Jun 04 2013 Petr Pisar - 1.3114-1 - 1.3114 bump diff --git a/sources b/sources index 5979f76..191de04 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -2c06c0a80b68fb0785c265ce001078a7 Dancer-1.3114.tar.gz +d52ec2265d264cca225003b98081ce6b Dancer-1.3115.tar.gz
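Review bot: Removing `Patch0` in the first perl-Dancer.spec hunk, and `%patch0 -p1` in the `%prep` hunk, drops the package's only downstream regression test for CVE-2012-5572 (CRLF accepted in a cookie name), and nothing on the new side records why that is safe. The deleted patch only created `t/12_response/11_CVE-2012-5572.t`, so presumably the 1.3115 tarball now ships the fix together with an equivalent test; that should be confirmed against the upstream release before relying on the `make test` step for coverage. I would extend the new changelog entry with a line such as `- Drop CVE-2012-5572 test patch (included upstream, to be confirmed)` so the CVE's handling stays traceable from the package history.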