Hello community, here is the log from the commit of package perl-Gravatar-URL for openSUSE:Factory checked in at 2011-12-07 14:39:05 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/perl-Gravatar-URL (Old) and /work/SRC/openSUSE:Factory/.perl-Gravatar-URL.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "perl-Gravatar-URL", Maintainer is "" Changes: -------- --- /work/SRC/openSUSE:Factory/perl-Gravatar-URL/perl-Gravatar-URL.changes 2011-09-23 12:37:16.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.perl-Gravatar-URL.new/perl-Gravatar-URL.changes 2011-12-07 14:39:07.000000000 +0100 @@ -1,0 +2,7 @@ +Tue Nov 29 15:11:01 UTC 2011 - coolo@suse.com + +- update to 1.05 + Security fix + * Sanitize DNS results in Libravatar::URL + +------------------------------------------------------------------- Old: ---- Gravatar-URL-1.04.tar.gz New: ---- Gravatar-URL-1.05.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ perl-Gravatar-URL.spec ++++++ --- /var/tmp/diff_new_pack.qpUTxt/_old 2011-12-07 14:39:10.000000000 +0100 +++ /var/tmp/diff_new_pack.qpUTxt/_new 2011-12-07 14:39:10.000000000 +0100 @@ -18,8 +18,8 @@ Name: perl-Gravatar-URL -Version: 1.04 -Release: 3 +Version: 1.05 +Release: 0 License: GPL+ or Artistic %define cpan_name Gravatar-URL Summary: Make URLs for Gravatars from an email address ++++++ Gravatar-URL-1.04.tar.gz -> Gravatar-URL-1.05.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Gravatar-URL-1.04/Changes new/Gravatar-URL-1.05/Changes --- old/Gravatar-URL-1.04/Changes 2011-03-29 06:53:55.000000000 +0200 +++ new/Gravatar-URL-1.05/Changes 2011-07-06 12:48:05.000000000 +0200 
@@ -1,3 +1,7 @@
+1.05 Wed Jul 6 22:40:06 NZST 2011
+ Security fix
+ * Sanitize DNS results in Libravatar::URL
+
 1.04 Tue Mar 29 17:47:34 NZDT 2011
 New features
 * Added OpenID support in Libravatar::URL
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Gravatar-URL-1.04/META.yml new/Gravatar-URL-1.05/META.yml
--- old/Gravatar-URL-1.04/META.yml 2011-03-29 06:53:55.000000000 +0200
+++ new/Gravatar-URL-1.05/META.yml 2011-07-06 12:48:05.000000000 +0200
@@ -1,39 +1,39 @@ --- -name: Gravatar-URL -version: 1.04 +abstract: 'Make URLs for Gravatars from an email address' author: [] -abstract: Make URLs for Gravatars from an email address -license: perl -resources: - bugtracker: http://rt.cpan.org/Public/Dist/Display.html?Name=Gravatar-URL - license: http://dev.perl.org/licenses/ - repository: http://github.com/schwern/gravatar-url/tree/master build_requires: Test::More: 0.4 Test::Warn: 0.11 -requires: - Carp: 0 - Digest::MD5: 0 - Digest::SHA: 0 - Net::DNS::Resolver: 0 - URI::Escape: 0 - parent: 0 - perl: v5.6.0 configure_requires: Module::Build: 0.2808 +generated_by: 'Module::Build version 0.3603' +keywords: + - Gravatar +license: perl +meta-spec: + url: http://module-build.sourceforge.net/META-spec-v1.4.html + version: 1.4 +name: Gravatar-URL provides: Gravatar::URL: file: lib/Gravatar/URL.pm - version: 1.04 + version: 1.05 Libravatar::URL: file: lib/Libravatar/URL.pm - version: 1.04 + version: 1.05 Unicornify::URL: file: lib/Unicornify/URL.pm - version: 1.04 -generated_by: Module::Build version 0.340201 -meta-spec: - url: http://module-build.sourceforge.net/META-spec-v1.4.html - version: 1.4 -keywords: - - Gravatar + version: 1.05 +requires: + Carp: 0 + Digest::MD5: 0 + Digest::SHA: 0 + Net::DNS::Resolver: 0 + URI::Escape: 0 + parent: 0 + perl: v5.6.0 +resources: + bugtracker: http://rt.cpan.org/Public/Dist/Display.html?Name=Gravatar-URL + license: http://dev.perl.org/licenses/ + repository: http://github.com/schwern/gravatar-url/tree/master +version: 1.05 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Gravatar-URL-1.04/SIGNATURE new/Gravatar-URL-1.05/SIGNATURE --- old/Gravatar-URL-1.04/SIGNATURE 2011-03-29 06:53:55.000000000 +0200 +++ new/Gravatar-URL-1.05/SIGNATURE 2011-07-06 12:48:06.000000000 +0200 
@@ -1,5 +1,5 @@ This file contains message digests of all files listed in MANIFEST, -signed via the Module::Signature module, version 0.66. +signed via the Module::Signature module, version 0.68. To verify the content in this distribution, first make sure you have Module::Signature installed, then type: 
@@ -15,33 +15,33 @@ Hash: SHA256 SHA1 7167d0e20bd720b44dd6537748b258de132d4931 Build.PL -SHA1 6a25663ad17eae0e367ec4679d64ca9a15a68190 Changes +SHA1 0502a2e8c361179910ff3392944d933f7a979b23 Changes SHA1 18bb6448d08c7658c6991171dbee9b761cf72e8d MANIFEST SHA1 8ca6e2e38708e91e4bd249dc854520a142c3cafe MANIFEST.SKIP -SHA1 3f588ec2c21f33603265575474a91643b7454750 META.yml -SHA1 ea9ce95f0027d1356cfecc9ade1f899f5d05b5a4 lib/Gravatar/URL.pm -SHA1 f2f931bf78a6b63ed2646f80d68477944a7f93c3 lib/Libravatar/URL.pm -SHA1 c61a9a12a298c2b9300fb5af99a3b38b2abe5b98 lib/Unicornify/URL.pm +SHA1 26950201abf7203cf20e9c552cc18ffdf0bf01d1 META.yml +SHA1 a7b7bd01200e13a6745ffb939bc332e3a0592268 lib/Gravatar/URL.pm +SHA1 2ce4d71a777ff5d809598005f238c5fc401a1647 lib/Libravatar/URL.pm +SHA1 ee00760fb95aec563a4da0fd6ac247fa90f5920f lib/Unicornify/URL.pm SHA1 02f21c26f52380259046ea05ae9d560b8a5c5072 t/deprecated.t SHA1 0250d25f32bcfe6dafab0b3892f4575959ef6890 t/error.t SHA1 3b4f3259bb95a336b73ecd2c06bf96dd30637a0a t/id.t -SHA1 33e83ab4d46c39e69472167a55ed5bc920a5d2c7 t/libravatar.t +SHA1 c1f9d8c33601bda1bc92ca23c1904e62efb36ed2 t/libravatar.t SHA1 7bdb7b0b2b440eaade3bb2a968c4919c7c2d4666 t/unicornify.t SHA1 1b8f6257f03be54ba3e0d39973b3ff0113785afa t/url.t -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) -iQIcBAEBCAAGBQJNkWXjAAoJEBYoHy4AfJjRsjoQALAMi12O5P4XYM89vs89bK7r -lBvaPPZgWqdPN//BaHrycdJyCyutH427NUhO/pgK2mWcdlRv81gcPmnaUrzxxRNr -2GYPpbf5L90U2C8O3kaggU3Si1R+y1mQutlFgDCtOZrc+9IHD4c8SCT8n/6PqEVr -2iKgKIPajY9QT3orjlo/DfrJn2gVj46p0HCphuduF+GHf1YEsCkFTwBkON+Je/Lc -I4m/YMwuV1CZCN68F1Iu0+E2HbJrfqDU24ouj9sQzf7ZwffQX46ufjXpPFNU+tIE -HM2xKvd2BNx4EQOXQoGsKb/L/gKuHAr+sokJ1xEQzSMvdf6gvEB2Wzo9DBYZQVDC -HoJDLHvcdy6lZyss7QQVv9va6c3T0AxUP7FAYnt+Cy5QiGPEwy7PkvLAsIimxyZW -XGfkzeT/Nl9Zz7cWmJxmFltYgsIsFbrUMlpe8wjTq0FNszwELJQcUm1eGtUQKqVp -xpRSTa28uvx5liwQwHGdGaraYgo8+aynF0TxUKgd0cNrunlHonaNmvrFq9gelSAX -Nzds2gUywit/luKCOuWg0IS8quofMYBvGByHQwo+geqHSNzanWi3lApyqgi9bgIt 
-CAzZPjRb6OLZJvvIpWLZ5LB+ib5VNBcdAI1mbMfjIxIAG7QEE8iJCSqrhCl3v2An -vFOVcb3OpUjkpMi1AvF7 -=YMWU +iQIcBAEBCAAGBQJOFD1lAAoJEBYoHy4AfJjRkMgQAKUxU7He/MhwnVnJcKcGmgue +p8+5QV+1FNktZyRKsjWlQt2ChZ59nyRr7pnV9WVg0ZODcWTNXQYvG40YcaDcXPaC +GQ41hlbQYusoioY+2YnQckLhP7FPwCrpsTl/IHwW1wg+lj/U4Eb0xLQYQcAVH7Wq +LFGM/2Gnx1k/y66rlZT292gwSYsP5YOCOQpzzxYzfZs90GRAIFDIljKRs9S5SOWe +4naOKtMJO6knaMTNI+4zXDJUGUsflnUuJ4PE6KGnToIESlIGyxn9cV2rIkEY/ozL +7KcNQB/Y+PrgIpZ9kfIv+NT2vR3jJk4CbSj6dUSenN8mtcfWbQ5b6g3SGbuCm9ei +sdisMmp6eoopdpFtidiItqD3tvibY+a5GMN+pYSvQLEFJUUuHUHwxL/BfAyE9ODk +mYFXwtzUBN1t4CbSNXDxZ8IZpRWZJerMj+6RX+mgU5N1EKgVj/aXIILxV6gzTvWg +q09xQDU9ZaN1QDlZ/UGxxCCe29Pqe8R23CGTAGIZwU//uPGxrDc7WR9hzfQMDq9U +wHw4y0SBW2cYdf08ZjqlRvQN1bXOqRLT9sZOMsPtui3pUQaw2JmP+ob3dYXeytzL +LavcfhQFoZ4XatdGQzu08UNKc/s2oi4per5ZFi3xWNjBtdJfJFOLDar/e3CpPsem +4mUio8/ztrDII4m0ao/t +=r7yG -----END PGP SIGNATURE----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Gravatar-URL-1.04/lib/Gravatar/URL.pm new/Gravatar-URL-1.05/lib/Gravatar/URL.pm --- old/Gravatar-URL-1.04/lib/Gravatar/URL.pm 2011-03-29 06:53:55.000000000 +0200 +++ new/Gravatar-URL-1.05/lib/Gravatar/URL.pm 2011-07-06 12:48:05.000000000 +0200 @@ -7,7 +7,7 @@ use Digest::MD5 qw(md5_hex); use Carp; -our $VERSION = '1.04'; +our $VERSION = '1.05'; use parent 'Exporter'; our @EXPORT = qw( diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Gravatar-URL-1.04/lib/Libravatar/URL.pm new/Gravatar-URL-1.05/lib/Libravatar/URL.pm --- old/Gravatar-URL-1.04/lib/Libravatar/URL.pm 2011-03-29 06:53:55.000000000 +0200 +++ new/Gravatar-URL-1.05/lib/Libravatar/URL.pm 2011-07-06 12:48:05.000000000 +0200 @@ -7,7 +7,7 @@ use Digest::SHA qw(sha256_hex); use Carp; -our $VERSION = '1.04'; +our $VERSION = '1.05'; use parent 'Exporter'; our @EXPORT = qw( 
@@ -197,6 +197,19 @@ return $url; } +sub sanitize_target { + my ( $target, $port ) = @_; + + unless ( $target =~ m/^[0-9a-zA-Z\-.]+$/ ) { + return ( undef, undef ); + } + unless ( $port =~ m/^[0-9]{1,5}$/ ) { + return ( undef, undef ); + } + + return ( $target, $port ) +} + sub federated_url { my %args = @_; @@ -215,7 +228,7 @@ my $packet = $fast_resolver->query($srv_prefix . '._tcp.' . $domain, 'SRV'); if ( $packet and $packet->answer ) { - my ( $target, $port ) = srv_hostname($packet->answer); + my ( $target, $port ) = sanitize_target(srv_hostname($packet->answer)); return build_url($target, $port, $args{https}); } return undef; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Gravatar-URL-1.04/lib/Unicornify/URL.pm new/Gravatar-URL-1.05/lib/Unicornify/URL.pm --- old/Gravatar-URL-1.04/lib/Unicornify/URL.pm 2011-03-29 06:53:55.000000000 +0200 +++ new/Gravatar-URL-1.05/lib/Unicornify/URL.pm 2011-07-06 12:48:05.000000000 +0200 @@ -3,7 +3,7 @@ use strict; use warnings; -our $VERSION = '1.04'; +our $VERSION = '1.05'; use Gravatar::URL qw(gravatar_url); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Gravatar-URL-1.04/t/libravatar.t new/Gravatar-URL-1.05/t/libravatar.t --- old/Gravatar-URL-1.04/t/libravatar.t 2011-03-29 06:53:55.000000000 +0200 +++ new/Gravatar-URL-1.05/t/libravatar.t 2011-07-06 12:48:05.000000000 +0200 @@ -130,6 +130,30 @@ is Libravatar::URL::build_url($target, $port), $url; } + my @sanitization_tests = ( + [undef, undef, + [undef, undef], + ], + + ['example.com', undef, + [undef, undef], + ], + + ['example.com', 80, + ['example.com', 80], + ], + + ['example.org', 81, + ['example.org', 81], + ], + ); + + for my $test (@sanitization_tests) { + my ($target, $port, $pair) = @$test; + my @result = Libravatar::URL::sanitize_target($target, $port); + is_deeply \@result, $pair; + } + my @srv_tests = ( [[ ], 
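Review bot: Both patterns in `sanitize_target` end in `$`, which in Perl also matches just before a trailing newline, so a value such as `"example.com\n"` (constructed sample) would still be accepted by the check this release adds for DNS-supplied data; `\A` and `\z` anchor the whole string instead. The port pattern also admits five-digit values above 65535. Both matches run on `undef` inputs, which the new tests pass in, and that warns if the module enables `warnings` (not visible in this hunk). The rewrite below keeps the `( undef, undef )` failure contract, adds a `defined` guard and a range check, and restores the semicolon on the final `return`.

```perl
sub sanitize_target {
    my ( $target, $port ) = @_;

    # Reject missing values first so undef never reaches a pattern match.
    return ( undef, undef ) unless defined $target and defined $port;

    # \A and \z anchor the whole string; $ would tolerate a trailing newline.
    return ( undef, undef ) unless $target =~ m/\A[0-9a-zA-Z\-.]+\z/;
    return ( undef, undef ) unless $port =~ m/\A[0-9]{1,5}\z/ and $port <= 65535;

    return ( $target, $port );
}
```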
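Review bot: The changed line in `federated_url` hands the `( undef, undef )` pair from a rejected SRV answer straight to `build_url`, so whether a bad record fails closed depends on `build_url` treating an undefined target as "no URL", which this hunk does not show. An explicit guard between the two calls, `return undef unless defined $target and defined $port;`, would make the rejection visible at the call site. A short comment such as `# SRV target and port come from DNS and are untrusted; sanitize before building a URL` would also record why the wrapper is there. `federated_url` starts and ends outside the hunk.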
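Review bot: The new `@sanitization_tests` table exercises only `undef` inputs and well-formed pairs, so nothing pins the rejection of a malformed string, which is the behaviour the security fix exists for. Adding rows such as `['example.com/path', 80, [undef, undef]],` and `['example.com', '80a', [undef, undef]],` (constructed samples) would cover the target and port patterns respectively. A row with a trailing newline in the target would also document how the `$` anchors in `sanitize_target` behave. The enclosing test block continues past the end of this hunk.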
@@ -213,6 +237,6 @@ is_deeply \@result, $pair; } - $test_count = @email_domain_tests + @openid_domain_tests + @lowercase_openid + @url_tests + @srv_tests + 2; + $test_count = @email_domain_tests + @openid_domain_tests + @lowercase_openid + @url_tests + @sanitization_tests + @srv_tests + 2; done_testing($test_count); } -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org