Hello community,
here is the log from the commit of package perl-CGI for openSUSE:Factory checked in at 2019-05-03 22:27:46
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/perl-CGI (Old)
and /work/SRC/openSUSE:Factory/.perl-CGI.new.5148 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "perl-CGI"
Fri May 3 22:27:46 2019 rev:12 rq:700229 version:4.43
Changes:
--------
--- /work/SRC/openSUSE:Factory/perl-CGI/perl-CGI.changes 2019-03-28 22:44:52.723090854 +0100
+++ /work/SRC/openSUSE:Factory/.perl-CGI.new.5148/perl-CGI.changes 2019-05-03 22:27:51.984355388 +0200
@@ -1,0 +2,11 @@
+Thu May 2 05:03:14 UTC 2019 - Stephan Kulow
+
+- updated to 4.43
+ see /usr/share/doc/packages/perl-CGI/Changes
+
+ 4.43 2019-05-01
+
+ [ FIX / TESTING ]
+ - support unquoted multipart/form-data name values (GH #234)
+
+-------------------------------------------------------------------
Old:
----
CGI-4.42.tar.gz
New:
----
CGI-4.43.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ perl-CGI.spec ++++++
--- /var/tmp/diff_new_pack.kUugy2/_old 2019-05-03 22:27:52.556355199 +0200
+++ /var/tmp/diff_new_pack.kUugy2/_new 2019-05-03 22:27:52.556355199 +0200
@@ -17,7 +17,7 @@
Name: perl-CGI
-Version: 4.42
+Version: 4.43
Release: 0
%define cpan_name CGI
Summary: Handle Common Gateway Interface requests and responses
++++++ CGI-4.42.tar.gz -> CGI-4.43.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CGI-4.42/Changes new/CGI-4.43/Changes
--- old/CGI-4.42/Changes 2019-03-26 17:27:01.000000000 +0100
+++ new/CGI-4.43/Changes 2019-05-01 09:58:26.000000000 +0200
@@ -1,3 +1,8 @@
+4.43 2019-05-01
+
+ [ FIX / TESTING ]
+ - support unquoted multipart/form-data name values (GH #234)
+
4.42 2019-03-26
[ DOCUMENTATION ]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CGI-4.42/MANIFEST new/CGI-4.43/MANIFEST
--- old/CGI-4.42/MANIFEST 2019-03-26 17:29:14.000000000 +0100
+++ new/CGI-4.43/MANIFEST 2019-05-01 16:27:11.000000000 +0200
@@ -82,6 +82,8 @@
t/upload.t
t/uploadInfo.t
t/upload_post_text.txt
+t/upload_post_quoted_unquoted.txt
+t/upload_quoted_unquoted.t
t/url.t
t/user_agent.t
t/utf8.t
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CGI-4.42/META.json new/CGI-4.43/META.json
--- old/CGI-4.42/META.json 2019-03-26 17:29:14.000000000 +0100
+++ new/CGI-4.43/META.json 2019-05-01 16:27:11.000000000 +0200
@@ -79,6 +79,6 @@
"web" : "https://github.com/leejo/CGI.pm"
}
},
- "version" : "4.42",
+ "version" : "4.43",
"x_serialization_backend" : "JSON::PP version 2.97001"
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CGI-4.42/META.yml new/CGI-4.43/META.yml
--- old/CGI-4.42/META.yml 2019-03-26 17:29:14.000000000 +0100
+++ new/CGI-4.43/META.yml 2019-05-01 16:27:10.000000000 +0200
@@ -48,5 +48,5 @@
homepage: https://metacpan.org/module/CGI
license: http://dev.perl.org/licenses/
repository: https://github.com/leejo/CGI.pm
-version: '4.42'
+version: '4.43'
x_serialization_backend: 'CPAN::Meta::YAML version 0.018'
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CGI-4.42/lib/CGI/Carp.pm new/CGI-4.43/lib/CGI/Carp.pm
--- old/CGI-4.42/lib/CGI/Carp.pm 2019-03-26 17:26:14.000000000 +0100
+++ new/CGI-4.43/lib/CGI/Carp.pm 2019-05-01 09:58:26.000000000 +0200
@@ -327,7 +327,7 @@
$main::SIG{__WARN__}=\&CGI::Carp::warn;
-$CGI::Carp::VERSION = '4.42';
+$CGI::Carp::VERSION = '4.43';
$CGI::Carp::CUSTOM_MSG = undef;
$CGI::Carp::DIE_HANDLER = undef;
$CGI::Carp::TO_BROWSER = 1;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CGI-4.42/lib/CGI/Cookie.pm new/CGI-4.43/lib/CGI/Cookie.pm
--- old/CGI-4.42/lib/CGI/Cookie.pm 2019-03-26 17:26:19.000000000 +0100
+++ new/CGI-4.43/lib/CGI/Cookie.pm 2019-05-01 09:58:26.000000000 +0200
@@ -5,7 +5,7 @@
use if $] >= 5.019, 'deprecate';
-our $VERSION='4.42';
+our $VERSION='4.43';
use CGI::Util qw(rearrange unescape escape);
use overload '""' => \&as_string, 'cmp' => \&compare, 'fallback' => 1;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CGI-4.42/lib/CGI/File/Temp.pm new/CGI-4.43/lib/CGI/File/Temp.pm
--- old/CGI-4.42/lib/CGI/File/Temp.pm 2019-03-26 17:26:11.000000000 +0100
+++ new/CGI-4.43/lib/CGI/File/Temp.pm 2019-05-01 09:58:26.000000000 +0200
@@ -3,7 +3,7 @@
# you use it directly and your code breaks horribly.
package CGI::File::Temp;
-$CGI::File::Temp::VERSION = '4.42';
+$CGI::File::Temp::VERSION = '4.43';
use parent File::Temp;
use parent Fh;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CGI-4.42/lib/CGI/Pretty.pm new/CGI-4.43/lib/CGI/Pretty.pm
--- old/CGI-4.42/lib/CGI/Pretty.pm 2019-03-26 17:26:22.000000000 +0100
+++ new/CGI-4.43/lib/CGI/Pretty.pm 2019-05-01 09:58:26.000000000 +0200
@@ -6,7 +6,7 @@
use if $] >= 5.019, 'deprecate';
use CGI ();
-$CGI::Pretty::VERSION = '4.42';
+$CGI::Pretty::VERSION = '4.43';
$CGI::DefaultClass = __PACKAGE__;
@CGI::Pretty::ISA = qw( CGI );
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CGI-4.42/lib/CGI/Push.pm new/CGI-4.43/lib/CGI/Push.pm
--- old/CGI-4.42/lib/CGI/Push.pm 2019-03-26 17:26:24.000000000 +0100
+++ new/CGI-4.43/lib/CGI/Push.pm 2019-05-01 09:58:26.000000000 +0200
@@ -6,7 +6,7 @@
use warnings;
#/;
-$CGI::Push::VERSION='4.42';
+$CGI::Push::VERSION='4.43';
use CGI;
use CGI::Util 'rearrange';
@ISA = ('CGI');
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CGI-4.42/lib/CGI/Util.pm new/CGI-4.43/lib/CGI/Util.pm
--- old/CGI-4.42/lib/CGI/Util.pm 2019-03-26 17:26:17.000000000 +0100
+++ new/CGI-4.43/lib/CGI/Util.pm 2019-05-01 09:58:26.000000000 +0200
@@ -6,7 +6,7 @@
our @EXPORT_OK = qw(rearrange rearrange_header make_attributes unescape escape
expires ebcdic2ascii ascii2ebcdic);
-our $VERSION = '4.42';
+our $VERSION = '4.43';
our $_EBCDIC = "\t" ne "\011";
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CGI-4.42/lib/CGI.pm new/CGI-4.43/lib/CGI.pm
--- old/CGI-4.42/lib/CGI.pm 2019-03-26 17:26:32.000000000 +0100
+++ new/CGI-4.43/lib/CGI.pm 2019-05-01 09:58:26.000000000 +0200
@@ -8,7 +8,7 @@
use warnings;
#/;
-$CGI::VERSION='4.42';
+$CGI::VERSION='4.43';
use CGI::Util qw(rearrange rearrange_header make_attributes unescape escape expires ebcdic2ascii ascii2ebcdic);
@@ -3343,7 +3343,7 @@
$header{'Content-Disposition'} ||= ''; # quench uninit variable warning
- my($param)= $header{'Content-Disposition'}=~/[\s;]name="([^"]*)"/;
+ my $param = _mp_value_parse( $header{'Content-Disposition'},'name' );
$param .= $TAINTED;
# See RFC 1867, 2183, 2045
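Review bot: Replacing the `[^"]*` capture with the helper changes where an already-accepted quoted name ends. A name whose last character is a backslash used to stop at the next quote; the new quoted pattern reads that `\"` as an escape and keeps consuming up to the following quote, which can pull the start of a later parameter into `$param`. If that is intended, a comment at this call such as `# name may contain \" escapes; the value is used undecoded as the param key` and a regression case for a trailing backslash would pin the behaviour down. The enclosing function starts and ends outside this hunk, so how `filename` is parsed afterwards, and whether it agrees with the helper on the end of `name`, cannot be checked from here.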
@@ -3450,6 +3450,28 @@
}
}
+sub _mp_value_parse {
+ my ( $string,$field ) = @_;
+
+ my $is_quoted = $string =~/[\s;]$field="/ ? 1 : 0;
+ my $param;
+
+ if ( $is_quoted ) {
+ # a quoted token cannot contain anything but an unescaped quote
+ ($param) = $string =~/[\s;]$field="((?:\\"|[^"])*)"/;
+ } else {
+ # a plain token cannot contain any reserved characters
+ # https://tools.ietf.org/html/rfc2616#section-2.2
+ # separators = "(" | ")" | "<" | ">" | "@"
+ # | "," | ";" | ":" | "\" | <">
+ # | "/" | "[" | "]" | "?" | "="
+ # | "{" | "}" | SP | HT
+ ($param) = $string =~/[\s;]$field=([^\(\)<>\@,;:\\"\/\[\]\?=\{\} \015\n\t]*)/;
+ }
+
+ return $param;
+}
+
#####
# subroutine: read_multipart_related
#
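Review bot: The unquoted branch of `_mp_value_parse` excludes the RFC 2616 separators plus CR, LF and tab, but the `token` rule it cites also forbids every other control character, so a bare `name=` value can still carry bytes such as NUL or ESC into the parameter name; adding `\x00-\x1f\x7f` to the negated class closes that. `$field` is interpolated into all three patterns as-is, and `\Q$field\E` would keep the helper safe if it is ever called with something other than the literal `'name'`. The comment in the quoted branch reads inverted and should say something like `# a quoted value may contain anything except an unescaped quote; \" escapes are returned undecoded`, which is what the new test expects. Because the unquoted pattern uses `*`, it returns an empty string rather than undef when nothing valid follows `name=`, which deserves a line in the sub's header comment.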
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CGI-4.42/lib/Fh.pm new/CGI-4.43/lib/Fh.pm
--- old/CGI-4.42/lib/Fh.pm 2019-03-26 17:26:09.000000000 +0100
+++ new/CGI-4.43/lib/Fh.pm 2019-05-01 09:58:26.000000000 +0200
@@ -5,6 +5,6 @@
use strict;
use warnings;
-$Fh::VERSION = '4.42';
+$Fh::VERSION = '4.43';
1;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CGI-4.42/t/upload_post_quoted_unquoted.txt new/CGI-4.43/t/upload_post_quoted_unquoted.txt
--- old/CGI-4.42/t/upload_post_quoted_unquoted.txt 1970-01-01 01:00:00.000000000 +0100
+++ new/CGI-4.43/t/upload_post_quoted_unquoted.txt 2019-05-01 09:58:26.000000000 +0200
@@ -0,0 +1,27 @@
+------MyGreatBoundary
+Content-Type: text/plain; charset=utf-8
+Content-Disposition: form-data; name=code
+
+4019300163786
+------MyGreatBoundary
+Content-Type: text/plain; charset=utf-8
+Content-Disposition: form-data; name="word"
+
+squeaky
+------MyGreatBoundary
+Content-Type: text/plain; charset=utf-8
+Content-Disposition: form-data; name="why do \"this\""
+
+because
+------MyGreatBoundary
+Content-Type: text/plain; charset=utf-8
+Content-Disposition: form-data; name="hate ()<>@,;:[]?={} /\""
+
+really hateful
+------MyGreatBoundary
+Content-Type: text/plain; charset=utf-8
+Content-Disposition: form-data; name=éttu
+
+oui
+------MyGreatBoundary--
+
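Review bot: Every unquoted `name=` in this fixture is the last item on its header line, so the fixture never exercises where the unquoted pattern stops when another parameter follows. A part with a header like `Content-Disposition: form-data; name=code2; filename=x.txt` (constructed example) would cover the `;` terminator. A part with an empty `name=` would cover the zero-length match. Both are boundaries where the parser decides what belongs to the field name, so they are the cases most worth pinning in a regression fixture.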
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CGI-4.42/t/upload_quoted_unquoted.t new/CGI-4.43/t/upload_quoted_unquoted.t
--- old/CGI-4.42/t/upload_quoted_unquoted.t 1970-01-01 01:00:00.000000000 +0100
+++ new/CGI-4.43/t/upload_quoted_unquoted.t 2019-05-01 09:58:26.000000000 +0200
@@ -0,0 +1,78 @@
+#!/usr/local/bin/perl -w
+
+use strict;
+use Test::More 'no_plan';
+use CGI qw/ :cgi /;
+use utf8;
+
+my %myenv;
+
+BEGIN {
+ %myenv = (
+ 'SCRIPT_NAME' => '/test.cgi',
+ 'SERVER_NAME' => 'perl.org',
+ 'HTTP_CONNECTION' => 'TE, close',
+ 'REQUEST_METHOD' => 'POST',
+ 'SCRIPT_URI' => 'http://www.perl.org/test.cgi',
+ 'CONTENT_LENGTH' => 3285,
+ 'SCRIPT_FILENAME' => '/home/usr/test.cgi',
+ 'SERVER_SOFTWARE' => 'Apache/1.3.27 (Unix) ',
+ 'HTTP_TE' => 'deflate,gzip;q=0.3',
+ 'QUERY_STRING' => '',
+ 'REMOTE_PORT' => '1855',
+ 'HTTP_USER_AGENT' => 'Mozilla/5.0 (compatible; Konqueror/2.1.1; X11)',
+ 'SERVER_PORT' => '80',
+ 'REMOTE_ADDR' => '127.0.0.1',
+ 'CONTENT_TYPE' => 'multipart/form-data; boundary="----MyGreatBoundary',
+ 'SERVER_PROTOCOL' => 'HTTP/1.1',
+ 'PATH' => '/usr/local/bin:/usr/bin:/bin',
+ 'REQUEST_URI' => '/test.cgi',
+ 'GATEWAY_INTERFACE' => 'CGI/1.1',
+ 'SCRIPT_URL' => '/test.cgi',
+ 'SERVER_ADDR' => '127.0.0.1',
+ 'DOCUMENT_ROOT' => '/home/develop',
+ 'HTTP_HOST' => 'www.perl.org'
+ );
+
+ for my $key (keys %myenv) {
+ $ENV{$key} = $myenv{$key};
+ }
+}
+
+END {
+ for my $key (keys %myenv) {
+ delete $ENV{$key};
+ }
+}
+
+my $q;
+
+{
+ local *STDIN;
+ open STDIN, 'new;
+}
+
+note explain $q;
+
+# simple names
+is( $q->param('code'),'4019300163786','code' );
+is( $q->param('word'),'squeaky','word' );
+
+TODO: {
+ # may need to MIME encode the name value in this case
+ local $TODO = "->param borked with non-ascii?";
+ is( $q->param('éttu'),'oui','éttu' );
+};
+
+# hateful names
+is( $q->param('why do \"this\"'),'because','quoted with quote' );
+is(
+ $q->param("hate ()<>@,;:[]?={}\t/\\\""),
+ 'really hateful',
+ 'reserved chars',
+);
+
+# vim: nospell
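Review bot: `'CONTENT_LENGTH' => 3285` is hard-coded and cannot match the 27-line fixture added in this commit, so the test depends on CGI tolerating a body shorter than the declared length. Deriving it from the file, e.g. `'CONTENT_LENGTH' => -s 't/upload_post_quoted_unquoted.txt',` (path as listed in MANIFEST), would keep the environment honest. The `CONTENT_TYPE` value `boundary="----MyGreatBoundary` has an opening quote with no closing one, so the test also relies on lenient boundary parsing; `boundary=----MyGreatBoundary` or a balanced quoted form would avoid that. The `open STDIN` line is truncated as shown on this page, so its open mode and error check cannot be reviewed here.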