r72662 - in /branches/squeeze/libmojolicious-perl/debian: changelog patches/disable-routes.t-tests.patch patches/improve-RFC3986-compliance-of-Mojo-Path.patch patches/series

carnil at users.alioth.debian.org carnil at users.alioth.debian.org
Sat Apr 16 10:42:14 UTC 2011 

Author: carnil
Date: Sat Apr 16 10:41:25 2011
New Revision: 72662

URL: http://svn.debian.org/wsvn/pkg-perl/?sc=1&rev=72662
Log:
Add improve-RFC3986-compliance-of-Mojo-Path.patch backported from
upstream commit 748ef373291dd342c18a0811f967ea0d88df5368. This
prevents FTBFS with the applied security patch. Thanks to Ansgar
Burchardt (ansgar).

Added:
    branches/squeeze/libmojolicious-perl/debian/patches/improve-RFC3986-compliance-of-Mojo-Path.patch
Removed:
    branches/squeeze/libmojolicious-perl/debian/patches/disable-routes.t-tests.patch
Modified:
    branches/squeeze/libmojolicious-perl/debian/changelog
    branches/squeeze/libmojolicious-perl/debian/patches/series

Modified: branches/squeeze/libmojolicious-perl/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-perl/branches/squeeze/libmojolicious-perl/debian/changelog?rev=72662&op=diff
==============================================================================
--- branches/squeeze/libmojolicious-perl/debian/changelog (original)
+++ branches/squeeze/libmojolicious-perl/debian/changelog Sat Apr 16 10:41:25 2011
@@ -2,10 +2,12 @@
 
   * [SECURITY] Add 622952-path-traversal-vulnerability.patch to fix path
     traversal security vulnerability (Closes: #622952). 
-  * Add disable-routes.t-tests.patch to disable routes.t tests for bug
-    in route unescaping.
+  * Add improve-RFC3986-compliance-of-Mojo-Path.patch backported from
+    upstream commit 748ef373291dd342c18a0811f967ea0d88df5368. This
+    prevents FTBFS with the applied security patch. Thanks to Ansgar
+    Burchardt (ansgar).
 
- -- Salvatore Bonaccorso <carnil at debian.org>  Sat, 16 Apr 2011 10:53:50 +0200
+ -- Salvatore Bonaccorso <carnil at debian.org>  Sat, 16 Apr 2011 12:40:57 +0200
 
 libmojolicious-perl (0.999926-1) unstable; urgency=low
 

Added: branches/squeeze/libmojolicious-perl/debian/patches/improve-RFC3986-compliance-of-Mojo-Path.patch
URL: http://svn.debian.org/wsvn/pkg-perl/branches/squeeze/libmojolicious-perl/debian/patches/improve-RFC3986-compliance-of-Mojo-Path.patch?rev=72662&op=file
==============================================================================
--- branches/squeeze/libmojolicious-perl/debian/patches/improve-RFC3986-compliance-of-Mojo-Path.patch (added)
+++ branches/squeeze/libmojolicious-perl/debian/patches/improve-RFC3986-compliance-of-Mojo-Path.patch Sat Apr 16 10:41:25 2011
@@ -1,0 +1,73 @@
+Description: Improve RFC3986 compliance of Mojo::Path.
+Origin: backport, commit: 748ef373291dd342c18a
+Forwarded: no
+Author: Salvatore Bonaccorso <carnil at debian.org>
+Last-Update: 2011-04-16
+
+--- a/lib/Mojo/Path.pm
++++ b/lib/Mojo/Path.pm
+@@ -92,8 +92,11 @@
+     my @parts;
+     for my $part (split '/', $path) {
+ 
+-        # Garbage
+-        next unless length $part;
++        # Empty parts before the first are garbage
++        next unless length $part or scalar @parts;
++
++        # mpty parts behind the first are ok
++        $part = '' unless defined $part;
+ 
+         # Store
+         push @parts, $part;
+--- a/t/mojo/url.t
++++ b/t/mojo/url.t
+@@ -7,7 +7,7 @@
+ 
+ use utf8;
+ 
+-use Test::More tests => 111;
++use Test::More tests => 117;
+ 
+ use Mojo::ByteStream 'b';
+ 
+@@ -236,3 +236,17 @@
+       . '%D1%88%D0%B0%D1%80%D0%B8%D1%84%D1%83%D0%BB%D0%B8%D0%BD',
+     'right format'
+ );
++
++# Empty path elements
++$url = Mojo::URL->new('http://kraih.com/foo//bar/23/');
++$url->base->parse('http://kraih.com/');
++is($url->is_abs, 1);
++is($url->to_rel, '/foo//bar/23/');
++$url = Mojo::URL->new('http://kraih.com//foo//bar/23/');
++$url->base->parse('http://kraih.com/');
++is($url->is_abs, 1);
++is($url->to_rel, '/foo//bar/23/');
++$url = Mojo::URL->new('http://kraih.com/foo///bar/23/');
++$url->base->parse('http://kraih.com/');
++is($url->is_abs, 1);
++is($url->to_rel, '/foo///bar/23/');
+--- a/t/mojox/routes/routes.t
++++ b/t/mojox/routes/routes.t
+@@ -347,8 +347,8 @@
+ $m = MojoX::Routes::Match->new($tx)->match($r);
+ is($m->stack->[0]->{controller}, 'wild');
+ is($m->stack->[0]->{action},     'card');
+-is($m->stack->[0]->{wildcard},   'http:/www.google.com');
+-is($m->url_for,                  '/wildcards/1/http:/www.google.com');
++is($m->stack->[0]->{wildcard},   'http://www.google.com');
++is($m->url_for,                  '/wildcards/1/http://www.google.com');
+ is(@{$m->stack},                 1);
+ $tx = Mojo::Transaction::HTTP->new;
+ $tx->req->method('GET');
+@@ -357,7 +357,7 @@
+ is($m->stack->[0]->{controller}, 'wild');
+ is($m->stack->[0]->{action},     'card');
+ is($m->stack->[0]->{wildcard},   'http://www.google.com');
+-is($m->url_for,                  '/wildcards/1/http:/www.google.com');
++is($m->url_for,                  '/wildcards/1/http://www.google.com');
+ is(@{$m->stack},                 1);
+ 
+ # Format

Modified: branches/squeeze/libmojolicious-perl/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-perl/branches/squeeze/libmojolicious-perl/debian/patches/series?rev=72662&op=diff
==============================================================================
--- branches/squeeze/libmojolicious-perl/debian/patches/series (original)
+++ branches/squeeze/libmojolicious-perl/debian/patches/series Sat Apr 16 10:41:25 2011
@@ -1,2 +1,2 @@
 622952-path-traversal-vulnerability.patch
-disable-routes.t-tests.patch
+improve-RFC3986-compliance-of-Mojo-Path.patch

More information about the Pkg-perl-cvs-commits mailing list