commit perl-Gravatar-URL for openSUSE:Factory

7 Dec 2011

Hello community,

here is the log from the commit of package perl-Gravatar-URL for openSUSE:Factory checked in at 2011-12-07 14:39:05
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/perl-Gravatar-URL (Old)
 and      /work/SRC/openSUSE:Factory/.perl-Gravatar-URL.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "perl-Gravatar-URL", Maintainer is ""

Changes:
--------

--- /work/SRC/openSUSE:Factory/perl-Gravatar-URL/perl-Gravatar-URL.changes	2011-09-23 12:37:16.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.perl-Gravatar-URL.new/perl-Gravatar-URL.changes	2011-12-07 14:39:07.000000000 +0100
@@ -1,0 +2,7 @@
+Tue Nov 29 15:11:01 UTC 2011 - coolo@suse.com
+
+- update to 1.05
+    Security fix
+    * Sanitize DNS results in Libravatar::URL
+
+-------------------------------------------------------------------

Old:
----
  Gravatar-URL-1.04.tar.gz

New:
----
  Gravatar-URL-1.05.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ perl-Gravatar-URL.spec ++++++
--- /var/tmp/diff_new_pack.qpUTxt/_old	2011-12-07 14:39:10.000000000 +0100
+++ /var/tmp/diff_new_pack.qpUTxt/_new	2011-12-07 14:39:10.000000000 +0100
@@ -18,8 +18,8 @@
 
 
 Name:           perl-Gravatar-URL
-Version:        1.04
-Release:        3
+Version:        1.05
+Release:        0
 License:        GPL+ or Artistic
 %define cpan_name Gravatar-URL
 Summary:        Make URLs for Gravatars from an email address

++++++ Gravatar-URL-1.04.tar.gz -> Gravatar-URL-1.05.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Gravatar-URL-1.04/Changes new/Gravatar-URL-1.05/Changes
--- old/Gravatar-URL-1.04/Changes	2011-03-29 06:53:55.000000000 +0200
+++ new/Gravatar-URL-1.05/Changes	2011-07-06 12:48:05.000000000 +0200
@@ -1,3 +1,7 @@
+1.05  Wed Jul  6 22:40:06 NZST 2011
+    Security fix
+    * Sanitize DNS results in Libravatar::URL
+
 1.04  Tue Mar 29 17:47:34 NZDT 2011
     New features
     * Added OpenID support in Libravatar::URL
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Gravatar-URL-1.04/META.yml new/Gravatar-URL-1.05/META.yml
--- old/Gravatar-URL-1.04/META.yml	2011-03-29 06:53:55.000000000 +0200
+++ new/Gravatar-URL-1.05/META.yml	2011-07-06 12:48:05.000000000 +0200
@@ -1,39 +1,39 @@
 ---
-name: Gravatar-URL
-version: 1.04
+abstract: 'Make URLs for Gravatars from an email address'
 author: []
-abstract: Make URLs for Gravatars from an email address
-license: perl
-resources:
-  bugtracker: http://rt.cpan.org/Public/Dist/Display.html?Name=Gravatar-URL
-  license: http://dev.perl.org/licenses/
-  repository: http://github.com/schwern/gravatar-url/tree/master
 build_requires:
   Test::More: 0.4
   Test::Warn: 0.11
-requires:
-  Carp: 0
-  Digest::MD5: 0
-  Digest::SHA: 0
-  Net::DNS::Resolver: 0
-  URI::Escape: 0
-  parent: 0
-  perl: v5.6.0
 configure_requires:
   Module::Build: 0.2808
+generated_by: 'Module::Build version 0.3603'
+keywords:
+  - Gravatar
+license: perl
+meta-spec:
+  url: http://module-build.sourceforge.net/META-spec-v1.4.html
+  version: 1.4
+name: Gravatar-URL
 provides:
   Gravatar::URL:
     file: lib/Gravatar/URL.pm
-    version: 1.04
+    version: 1.05
   Libravatar::URL:
     file: lib/Libravatar/URL.pm
-    version: 1.04
+    version: 1.05
   Unicornify::URL:
     file: lib/Unicornify/URL.pm
-    version: 1.04
-generated_by: Module::Build version 0.340201
-meta-spec:
-  url: http://module-build.sourceforge.net/META-spec-v1.4.html
-  version: 1.4
-keywords:
-  - Gravatar
+    version: 1.05
+requires:
+  Carp: 0
+  Digest::MD5: 0
+  Digest::SHA: 0
+  Net::DNS::Resolver: 0
+  URI::Escape: 0
+  parent: 0
+  perl: v5.6.0
+resources:
+  bugtracker: http://rt.cpan.org/Public/Dist/Display.html?Name=Gravatar-URL
+  license: http://dev.perl.org/licenses/
+  repository: http://github.com/schwern/gravatar-url/tree/master
+version: 1.05
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Gravatar-URL-1.04/SIGNATURE new/Gravatar-URL-1.05/SIGNATURE
--- old/Gravatar-URL-1.04/SIGNATURE	2011-03-29 06:53:55.000000000 +0200
+++ new/Gravatar-URL-1.05/SIGNATURE	2011-07-06 12:48:06.000000000 +0200
@@ -1,5 +1,5 @@
 This file contains message digests of all files listed in MANIFEST,
-signed via the Module::Signature module, version 0.66.
+signed via the Module::Signature module, version 0.68.
 
 To verify the content in this distribution, first make sure you have
 Module::Signature installed, then type:
@@ -15,33 +15,33 @@
 Hash: SHA256
 
 SHA1 7167d0e20bd720b44dd6537748b258de132d4931 Build.PL
-SHA1 6a25663ad17eae0e367ec4679d64ca9a15a68190 Changes
+SHA1 0502a2e8c361179910ff3392944d933f7a979b23 Changes
 SHA1 18bb6448d08c7658c6991171dbee9b761cf72e8d MANIFEST
 SHA1 8ca6e2e38708e91e4bd249dc854520a142c3cafe MANIFEST.SKIP
-SHA1 3f588ec2c21f33603265575474a91643b7454750 META.yml
-SHA1 ea9ce95f0027d1356cfecc9ade1f899f5d05b5a4 lib/Gravatar/URL.pm
-SHA1 f2f931bf78a6b63ed2646f80d68477944a7f93c3 lib/Libravatar/URL.pm
-SHA1 c61a9a12a298c2b9300fb5af99a3b38b2abe5b98 lib/Unicornify/URL.pm
+SHA1 26950201abf7203cf20e9c552cc18ffdf0bf01d1 META.yml
+SHA1 a7b7bd01200e13a6745ffb939bc332e3a0592268 lib/Gravatar/URL.pm
+SHA1 2ce4d71a777ff5d809598005f238c5fc401a1647 lib/Libravatar/URL.pm
+SHA1 ee00760fb95aec563a4da0fd6ac247fa90f5920f lib/Unicornify/URL.pm
 SHA1 02f21c26f52380259046ea05ae9d560b8a5c5072 t/deprecated.t
 SHA1 0250d25f32bcfe6dafab0b3892f4575959ef6890 t/error.t
 SHA1 3b4f3259bb95a336b73ecd2c06bf96dd30637a0a t/id.t
-SHA1 33e83ab4d46c39e69472167a55ed5bc920a5d2c7 t/libravatar.t
+SHA1 c1f9d8c33601bda1bc92ca23c1904e62efb36ed2 t/libravatar.t
 SHA1 7bdb7b0b2b440eaade3bb2a968c4919c7c2d4666 t/unicornify.t
 SHA1 1b8f6257f03be54ba3e0d39973b3ff0113785afa t/url.t
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.11 (GNU/Linux)
 
-iQIcBAEBCAAGBQJNkWXjAAoJEBYoHy4AfJjRsjoQALAMi12O5P4XYM89vs89bK7r
-lBvaPPZgWqdPN//BaHrycdJyCyutH427NUhO/pgK2mWcdlRv81gcPmnaUrzxxRNr
-2GYPpbf5L90U2C8O3kaggU3Si1R+y1mQutlFgDCtOZrc+9IHD4c8SCT8n/6PqEVr
-2iKgKIPajY9QT3orjlo/DfrJn2gVj46p0HCphuduF+GHf1YEsCkFTwBkON+Je/Lc
-I4m/YMwuV1CZCN68F1Iu0+E2HbJrfqDU24ouj9sQzf7ZwffQX46ufjXpPFNU+tIE
-HM2xKvd2BNx4EQOXQoGsKb/L/gKuHAr+sokJ1xEQzSMvdf6gvEB2Wzo9DBYZQVDC
-HoJDLHvcdy6lZyss7QQVv9va6c3T0AxUP7FAYnt+Cy5QiGPEwy7PkvLAsIimxyZW
-XGfkzeT/Nl9Zz7cWmJxmFltYgsIsFbrUMlpe8wjTq0FNszwELJQcUm1eGtUQKqVp
-xpRSTa28uvx5liwQwHGdGaraYgo8+aynF0TxUKgd0cNrunlHonaNmvrFq9gelSAX
-Nzds2gUywit/luKCOuWg0IS8quofMYBvGByHQwo+geqHSNzanWi3lApyqgi9bgIt
-CAzZPjRb6OLZJvvIpWLZ5LB+ib5VNBcdAI1mbMfjIxIAG7QEE8iJCSqrhCl3v2An
-vFOVcb3OpUjkpMi1AvF7
-=YMWU
+iQIcBAEBCAAGBQJOFD1lAAoJEBYoHy4AfJjRkMgQAKUxU7He/MhwnVnJcKcGmgue
+p8+5QV+1FNktZyRKsjWlQt2ChZ59nyRr7pnV9WVg0ZODcWTNXQYvG40YcaDcXPaC
+GQ41hlbQYusoioY+2YnQckLhP7FPwCrpsTl/IHwW1wg+lj/U4Eb0xLQYQcAVH7Wq
+LFGM/2Gnx1k/y66rlZT292gwSYsP5YOCOQpzzxYzfZs90GRAIFDIljKRs9S5SOWe
+4naOKtMJO6knaMTNI+4zXDJUGUsflnUuJ4PE6KGnToIESlIGyxn9cV2rIkEY/ozL
+7KcNQB/Y+PrgIpZ9kfIv+NT2vR3jJk4CbSj6dUSenN8mtcfWbQ5b6g3SGbuCm9ei
+sdisMmp6eoopdpFtidiItqD3tvibY+a5GMN+pYSvQLEFJUUuHUHwxL/BfAyE9ODk
+mYFXwtzUBN1t4CbSNXDxZ8IZpRWZJerMj+6RX+mgU5N1EKgVj/aXIILxV6gzTvWg
+q09xQDU9ZaN1QDlZ/UGxxCCe29Pqe8R23CGTAGIZwU//uPGxrDc7WR9hzfQMDq9U
+wHw4y0SBW2cYdf08ZjqlRvQN1bXOqRLT9sZOMsPtui3pUQaw2JmP+ob3dYXeytzL
+LavcfhQFoZ4XatdGQzu08UNKc/s2oi4per5ZFi3xWNjBtdJfJFOLDar/e3CpPsem
+4mUio8/ztrDII4m0ao/t
+=r7yG
 -----END PGP SIGNATURE-----
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Gravatar-URL-1.04/lib/Gravatar/URL.pm new/Gravatar-URL-1.05/lib/Gravatar/URL.pm
--- old/Gravatar-URL-1.04/lib/Gravatar/URL.pm	2011-03-29 06:53:55.000000000 +0200
+++ new/Gravatar-URL-1.05/lib/Gravatar/URL.pm	2011-07-06 12:48:05.000000000 +0200
@@ -7,7 +7,7 @@
 use Digest::MD5 qw(md5_hex);
 use Carp;
 
-our $VERSION = '1.04';
+our $VERSION = '1.05';
 
 use parent 'Exporter';
 our @EXPORT = qw(
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Gravatar-URL-1.04/lib/Libravatar/URL.pm new/Gravatar-URL-1.05/lib/Libravatar/URL.pm
--- old/Gravatar-URL-1.04/lib/Libravatar/URL.pm	2011-03-29 06:53:55.000000000 +0200
+++ new/Gravatar-URL-1.05/lib/Libravatar/URL.pm	2011-07-06 12:48:05.000000000 +0200
@@ -7,7 +7,7 @@
 use Digest::SHA qw(sha256_hex);
 use Carp;
 
-our $VERSION = '1.04';
+our $VERSION = '1.05';
 
 use parent 'Exporter';
 our @EXPORT = qw(
@@ -197,6 +197,19 @@
     return $url;
 }
 
+sub sanitize_target {
+    my ( $target, $port ) = @_;
+
+    unless ( $target =~ m/^[0-9a-zA-Z\-.]+$/ ) {
+        return ( undef, undef );
+    }
+    unless ( $port =~ m/^[0-9]{1,5}$/ ) {
+        return ( undef, undef );
+    }
+
+    return ( $target, $port )
+}
+
 sub federated_url {
     my %args = @_;
 
@@ -215,7 +228,7 @@
     my $packet = $fast_resolver->query($srv_prefix . '._tcp.' . $domain, 'SRV');
 
     if ( $packet and $packet->answer ) {
-        my ( $target, $port ) = srv_hostname($packet->answer);
+        my ( $target, $port ) = sanitize_target(srv_hostname($packet->answer));
         return build_url($target, $port, $args{https});
     }
     return undef;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Gravatar-URL-1.04/lib/Unicornify/URL.pm new/Gravatar-URL-1.05/lib/Unicornify/URL.pm
--- old/Gravatar-URL-1.04/lib/Unicornify/URL.pm	2011-03-29 06:53:55.000000000 +0200
+++ new/Gravatar-URL-1.05/lib/Unicornify/URL.pm	2011-07-06 12:48:05.000000000 +0200
@@ -3,7 +3,7 @@
 use strict;
 use warnings;
 
-our $VERSION = '1.04';
+our $VERSION = '1.05';
 
 use Gravatar::URL qw(gravatar_url);
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Gravatar-URL-1.04/t/libravatar.t new/Gravatar-URL-1.05/t/libravatar.t
--- old/Gravatar-URL-1.04/t/libravatar.t	2011-03-29 06:53:55.000000000 +0200
+++ new/Gravatar-URL-1.05/t/libravatar.t	2011-07-06 12:48:05.000000000 +0200
@@ -130,6 +130,30 @@
         is Libravatar::URL::build_url($target, $port), $url;
     }
 
+    my @sanitization_tests = (
+        [undef, undef,
+         [undef, undef],
+        ],
+
+        ['example.com', undef,
+         [undef, undef],
+        ],
+
+        ['example.com', 80,
+         ['example.com', 80],
+        ],
+
+        ['example.org', 81,
+         ['example.org', 81],
+        ],
+    );
+
+    for my $test (@sanitization_tests) {
+        my ($target, $port, $pair) = @$test;
+        my @result = Libravatar::URL::sanitize_target($target, $port);
+        is_deeply \@result, $pair;
+    }
+
     my @srv_tests = (
         [[
          ],
@@ -213,6 +237,6 @@
         is_deeply \@result, $pair;
     }
 
-    $test_count = @email_domain_tests + @openid_domain_tests + @lowercase_openid + @url_tests + @srv_tests + 2;
+    $test_count = @email_domain_tests + @openid_domain_tests + @lowercase_openid + @url_tests + @sanitization_tests + @srv_tests + 2;
     done_testing($test_count);
 }

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org

    

commit perl-Gravatar-URL for openSUSE:Factory

root＠hilbert.suse.de