[libcgi-application-plugin-authentication-perl] 03/06: Add patch to handle changes in CGI.pm
gregor herrmann
gregoa at debian.org
Mon Oct 13 15:38:51 UTC 2014
This is an automated email from the git hooks/post-receive script.
gregoa pushed a commit to branch master
in repository libcgi-application-plugin-authentication-perl.
commit 6c0505603c777e1e3c41441c129bc18cd1d7148e
Author: gregor herrmann <gregoa at debian.org>
Date: Mon Oct 13 17:15:55 2014 +0200
Add patch to handle changes in CGI.pm
Closes: #765051
Thanks: Michael Tautschnig for the bug report.
---
debian/patches/cgi.pm-4.05.patch | 21 +++++++++++++++++++++
debian/patches/series | 1 +
2 files changed, 22 insertions(+)
diff --git a/debian/patches/cgi.pm-4.05.patch b/debian/patches/cgi.pm-4.05.patch
new file mode 100644
index 0000000..2a318eb
--- /dev/null
+++ b/debian/patches/cgi.pm-4.05.patch
@@ -0,0 +1,21 @@
+Description: Adjust for CGI.pm >= 4.05
+ CGI.pm now warns if parameters are imported in list context, as this is a potential security hole.
+ Explicitly require scalar context.
+Origin: vendor
+Bug: https://rt.cpan.org/Ticket/Display.html?id=99460
+Forwarded: https://rt.cpan.org/Ticket/Display.html?id=99460
+Bug-Debian: https://bugs.debian.org/765051
+Author: gregor herrmann <gregoa at debian.org>
+Last-Update: 2014-10-13
+
+--- a/lib/CGI/Application/Plugin/Authentication.pm
++++ b/lib/CGI/Application/Plugin/Authentication.pm
+@@ -1205,7 +1205,7 @@
+ my $field_names = $config->{CREDENTIALS} || [qw(authen_username authen_password)];
+
+ my $query = $self->_cgiapp->query;
+- my @credentials = map { $query->param($_) } @$field_names;
++ my @credentials = map { scalar $query->param($_) } @$field_names;
+ if ($credentials[0]) {
+ # The user is trying to login
+ # make sure if they are already logged in, that we log them out first
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..e91b6bd
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+cgi.pm-4.05.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-perl/packages/libcgi-application-plugin-authentication-perl.git
More information about the Pkg-perl-cvs-commits
mailing list