r72662 - in /branches/squeeze/libmojolicious-perl/debian: changelog patches/disable-routes.t-tests.patch patches/improve-RFC3986-compliance-of-Mojo-Path.patch patches/series
carnil at users.alioth.debian.org
carnil at users.alioth.debian.org
Sat Apr 16 10:42:14 UTC 2011
Author: carnil
Date: Sat Apr 16 10:41:25 2011
New Revision: 72662
URL: http://svn.debian.org/wsvn/pkg-perl/?sc=1&rev=72662
Log:
Add improve-RFC3986-compliance-of-Mojo-Path.patch backported from
upstream commit 748ef373291dd342c18a0811f967ea0d88df5368. This
prevents FTBFS with the applied security patch. Thanks to Ansgar
Burchardt (ansgar).
Added:
branches/squeeze/libmojolicious-perl/debian/patches/improve-RFC3986-compliance-of-Mojo-Path.patch
Removed:
branches/squeeze/libmojolicious-perl/debian/patches/disable-routes.t-tests.patch
Modified:
branches/squeeze/libmojolicious-perl/debian/changelog
branches/squeeze/libmojolicious-perl/debian/patches/series
Modified: branches/squeeze/libmojolicious-perl/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-perl/branches/squeeze/libmojolicious-perl/debian/changelog?rev=72662&op=diff
==============================================================================
--- branches/squeeze/libmojolicious-perl/debian/changelog (original)
+++ branches/squeeze/libmojolicious-perl/debian/changelog Sat Apr 16 10:41:25 2011
@@ -2,10 +2,12 @@
* [SECURITY] Add 622952-path-traversal-vulnerability.patch to fix path
traversal security vulnerability (Closes: #622952).
- * Add disable-routes.t-tests.patch to disable routes.t tests for bug
- in route unescaping.
+ * Add improve-RFC3986-compliance-of-Mojo-Path.patch backported from
+ upstream commit 748ef373291dd342c18a0811f967ea0d88df5368. This
+ prevents FTBFS with the applied security patch. Thanks to Ansgar
+ Burchardt (ansgar).
- -- Salvatore Bonaccorso <carnil at debian.org> Sat, 16 Apr 2011 10:53:50 +0200
+ -- Salvatore Bonaccorso <carnil at debian.org> Sat, 16 Apr 2011 12:40:57 +0200
libmojolicious-perl (0.999926-1) unstable; urgency=low
Added: branches/squeeze/libmojolicious-perl/debian/patches/improve-RFC3986-compliance-of-Mojo-Path.patch
URL: http://svn.debian.org/wsvn/pkg-perl/branches/squeeze/libmojolicious-perl/debian/patches/improve-RFC3986-compliance-of-Mojo-Path.patch?rev=72662&op=file
==============================================================================
--- branches/squeeze/libmojolicious-perl/debian/patches/improve-RFC3986-compliance-of-Mojo-Path.patch (added)
+++ branches/squeeze/libmojolicious-perl/debian/patches/improve-RFC3986-compliance-of-Mojo-Path.patch Sat Apr 16 10:41:25 2011
@@ -1,0 +1,73 @@
+Description: Improve RFC3986 compliance of Mojo::Path.
+Origin: backport, commit: 748ef373291dd342c18a
+Forwarded: no
+Author: Salvatore Bonaccorso <carnil at debian.org>
+Last-Update: 2011-04-16
+
+--- a/lib/Mojo/Path.pm
++++ b/lib/Mojo/Path.pm
+@@ -92,8 +92,11 @@
+ my @parts;
+ for my $part (split '/', $path) {
+
+- # Garbage
+- next unless length $part;
++ # Empty parts before the first are garbage
++ next unless length $part or scalar @parts;
++
++ # mpty parts behind the first are ok
++ $part = '' unless defined $part;
+
+ # Store
+ push @parts, $part;
+--- a/t/mojo/url.t
++++ b/t/mojo/url.t
+@@ -7,7 +7,7 @@
+
+ use utf8;
+
+-use Test::More tests => 111;
++use Test::More tests => 117;
+
+ use Mojo::ByteStream 'b';
+
+@@ -236,3 +236,17 @@
+ . '%D1%88%D0%B0%D1%80%D0%B8%D1%84%D1%83%D0%BB%D0%B8%D0%BD',
+ 'right format'
+ );
++
++# Empty path elements
++$url = Mojo::URL->new('http://kraih.com/foo//bar/23/');
++$url->base->parse('http://kraih.com/');
++is($url->is_abs, 1);
++is($url->to_rel, '/foo//bar/23/');
++$url = Mojo::URL->new('http://kraih.com//foo//bar/23/');
++$url->base->parse('http://kraih.com/');
++is($url->is_abs, 1);
++is($url->to_rel, '/foo//bar/23/');
++$url = Mojo::URL->new('http://kraih.com/foo///bar/23/');
++$url->base->parse('http://kraih.com/');
++is($url->is_abs, 1);
++is($url->to_rel, '/foo///bar/23/');
+--- a/t/mojox/routes/routes.t
++++ b/t/mojox/routes/routes.t
+@@ -347,8 +347,8 @@
+ $m = MojoX::Routes::Match->new($tx)->match($r);
+ is($m->stack->[0]->{controller}, 'wild');
+ is($m->stack->[0]->{action}, 'card');
+-is($m->stack->[0]->{wildcard}, 'http:/www.google.com');
+-is($m->url_for, '/wildcards/1/http:/www.google.com');
++is($m->stack->[0]->{wildcard}, 'http://www.google.com');
++is($m->url_for, '/wildcards/1/http://www.google.com');
+ is(@{$m->stack}, 1);
+ $tx = Mojo::Transaction::HTTP->new;
+ $tx->req->method('GET');
+@@ -357,7 +357,7 @@
+ is($m->stack->[0]->{controller}, 'wild');
+ is($m->stack->[0]->{action}, 'card');
+ is($m->stack->[0]->{wildcard}, 'http://www.google.com');
+-is($m->url_for, '/wildcards/1/http:/www.google.com');
++is($m->url_for, '/wildcards/1/http://www.google.com');
+ is(@{$m->stack}, 1);
+
+ # Format
Modified: branches/squeeze/libmojolicious-perl/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-perl/branches/squeeze/libmojolicious-perl/debian/patches/series?rev=72662&op=diff
==============================================================================
--- branches/squeeze/libmojolicious-perl/debian/patches/series (original)
+++ branches/squeeze/libmojolicious-perl/debian/patches/series Sat Apr 16 10:41:25 2011
@@ -1,2 +1,2 @@
622952-path-traversal-vulnerability.patch
-disable-routes.t-tests.patch
+improve-RFC3986-compliance-of-Mojo-Path.patch
More information about the Pkg-perl-cvs-commits
mailing list