[libcgi-application-plugin-authentication-perl] 03/06: Add patch to handle changes in CGI.pm

gregor herrmann gregoa at debian.org
Mon Oct 13 15:38:51 UTC 2014 

This is an automated email from the git hooks/post-receive script.

gregoa pushed a commit to branch master
in repository libcgi-application-plugin-authentication-perl.

commit 6c0505603c777e1e3c41441c129bc18cd1d7148e
Author: gregor herrmann <gregoa at debian.org>
Date:   Mon Oct 13 17:15:55 2014 +0200

    Add patch to handle changes in CGI.pm
    
    Closes: #765051
    Thanks: Michael Tautschnig for the bug report.
---
 debian/patches/cgi.pm-4.05.patch | 21 +++++++++++++++++++++
 debian/patches/series            |  1 +
 2 files changed, 22 insertions(+)

diff --git a/debian/patches/cgi.pm-4.05.patch b/debian/patches/cgi.pm-4.05.patch
new file mode 100644
index 0000000..2a318eb
--- /dev/null
+++ b/debian/patches/cgi.pm-4.05.patch
@@ -0,0 +1,21 @@
+Description: Adjust for CGI.pm >= 4.05
+ CGI.pm now warns if parameters are imported in list context, as this is a potential security hole.
+ Explicitly require scalar context.
+Origin: vendor
+Bug: https://rt.cpan.org/Ticket/Display.html?id=99460
+Forwarded: https://rt.cpan.org/Ticket/Display.html?id=99460
+Bug-Debian: https://bugs.debian.org/765051
+Author: gregor herrmann <gregoa at debian.org>
+Last-Update: 2014-10-13
+
+--- a/lib/CGI/Application/Plugin/Authentication.pm
++++ b/lib/CGI/Application/Plugin/Authentication.pm
+@@ -1205,7 +1205,7 @@
+     my $field_names = $config->{CREDENTIALS} || [qw(authen_username authen_password)];
+ 
+     my $query = $self->_cgiapp->query;
+-    my @credentials = map { $query->param($_) } @$field_names;
++    my @credentials = map { scalar $query->param($_) } @$field_names;
+     if ($credentials[0]) {
+         # The user is trying to login
+         # make sure if they are already logged in, that we log them out first
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..e91b6bd
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+cgi.pm-4.05.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-perl/packages/libcgi-application-plugin-authentication-perl.git

More information about the Pkg-perl-cvs-commits mailing list