r77182 - in /branches/upstream/libgravatar-url-perl/current: Changes META.yml SIGNATURE lib/Gravatar/URL.pm lib/Libravatar/URL.pm lib/Unicornify/URL.pm t/libravatar.t
angelabad-guest at users.alioth.debian.org
angelabad-guest at users.alioth.debian.org
Thu Jul 7 12:21:24 UTC 2011
Author: angelabad-guest
Date: Thu Jul 7 12:21:20 2011
New Revision: 77182
URL: http://svn.debian.org/wsvn/pkg-perl/?sc=1&rev=77182
Log:
[svn-upgrade] new version libgravatar-url-perl (1.05)
Modified:
branches/upstream/libgravatar-url-perl/current/Changes
branches/upstream/libgravatar-url-perl/current/META.yml
branches/upstream/libgravatar-url-perl/current/SIGNATURE
branches/upstream/libgravatar-url-perl/current/lib/Gravatar/URL.pm
branches/upstream/libgravatar-url-perl/current/lib/Libravatar/URL.pm
branches/upstream/libgravatar-url-perl/current/lib/Unicornify/URL.pm
branches/upstream/libgravatar-url-perl/current/t/libravatar.t
Modified: branches/upstream/libgravatar-url-perl/current/Changes
URL: http://svn.debian.org/wsvn/pkg-perl/branches/upstream/libgravatar-url-perl/current/Changes?rev=77182&op=diff
==============================================================================
--- branches/upstream/libgravatar-url-perl/current/Changes (original)
+++ branches/upstream/libgravatar-url-perl/current/Changes Thu Jul 7 12:21:20 2011
@@ -1,3 +1,7 @@
+1.05 Wed Jul 6 22:40:06 NZST 2011
+ Security fix
+ * Sanitize DNS results in Libravatar::URL
+
1.04 Tue Mar 29 17:47:34 NZDT 2011
New features
* Added OpenID support in Libravatar::URL
Modified: branches/upstream/libgravatar-url-perl/current/META.yml
URL: http://svn.debian.org/wsvn/pkg-perl/branches/upstream/libgravatar-url-perl/current/META.yml?rev=77182&op=diff
==============================================================================
--- branches/upstream/libgravatar-url-perl/current/META.yml (original)
+++ branches/upstream/libgravatar-url-perl/current/META.yml Thu Jul 7 12:21:20 2011
@@ -1,16 +1,29 @@
---
-name: Gravatar-URL
-version: 1.04
+abstract: 'Make URLs for Gravatars from an email address'
author: []
-abstract: Make URLs for Gravatars from an email address
-license: perl
-resources:
- bugtracker: http://rt.cpan.org/Public/Dist/Display.html?Name=Gravatar-URL
- license: http://dev.perl.org/licenses/
- repository: http://github.com/schwern/gravatar-url/tree/master
build_requires:
Test::More: 0.4
Test::Warn: 0.11
+configure_requires:
+ Module::Build: 0.2808
+generated_by: 'Module::Build version 0.3603'
+keywords:
+ - Gravatar
+license: perl
+meta-spec:
+ url: http://module-build.sourceforge.net/META-spec-v1.4.html
+ version: 1.4
+name: Gravatar-URL
+provides:
+ Gravatar::URL:
+ file: lib/Gravatar/URL.pm
+ version: 1.05
+ Libravatar::URL:
+ file: lib/Libravatar/URL.pm
+ version: 1.05
+ Unicornify::URL:
+ file: lib/Unicornify/URL.pm
+ version: 1.05
requires:
Carp: 0
Digest::MD5: 0
@@ -19,21 +32,8 @@
URI::Escape: 0
parent: 0
perl: v5.6.0
-configure_requires:
- Module::Build: 0.2808
-provides:
- Gravatar::URL:
- file: lib/Gravatar/URL.pm
- version: 1.04
- Libravatar::URL:
- file: lib/Libravatar/URL.pm
- version: 1.04
- Unicornify::URL:
- file: lib/Unicornify/URL.pm
- version: 1.04
-generated_by: Module::Build version 0.340201
-meta-spec:
- url: http://module-build.sourceforge.net/META-spec-v1.4.html
- version: 1.4
-keywords:
- - Gravatar
+resources:
+ bugtracker: http://rt.cpan.org/Public/Dist/Display.html?Name=Gravatar-URL
+ license: http://dev.perl.org/licenses/
+ repository: http://github.com/schwern/gravatar-url/tree/master
+version: 1.05
Modified: branches/upstream/libgravatar-url-perl/current/SIGNATURE
URL: http://svn.debian.org/wsvn/pkg-perl/branches/upstream/libgravatar-url-perl/current/SIGNATURE?rev=77182&op=diff
==============================================================================
--- branches/upstream/libgravatar-url-perl/current/SIGNATURE (original)
+++ branches/upstream/libgravatar-url-perl/current/SIGNATURE Thu Jul 7 12:21:20 2011
@@ -1,5 +1,5 @@
This file contains message digests of all files listed in MANIFEST,
-signed via the Module::Signature module, version 0.66.
+signed via the Module::Signature module, version 0.68.
To verify the content in this distribution, first make sure you have
Module::Signature installed, then type:
@@ -15,33 +15,33 @@
Hash: SHA256
SHA1 7167d0e20bd720b44dd6537748b258de132d4931 Build.PL
-SHA1 6a25663ad17eae0e367ec4679d64ca9a15a68190 Changes
+SHA1 0502a2e8c361179910ff3392944d933f7a979b23 Changes
SHA1 18bb6448d08c7658c6991171dbee9b761cf72e8d MANIFEST
SHA1 8ca6e2e38708e91e4bd249dc854520a142c3cafe MANIFEST.SKIP
-SHA1 3f588ec2c21f33603265575474a91643b7454750 META.yml
-SHA1 ea9ce95f0027d1356cfecc9ade1f899f5d05b5a4 lib/Gravatar/URL.pm
-SHA1 f2f931bf78a6b63ed2646f80d68477944a7f93c3 lib/Libravatar/URL.pm
-SHA1 c61a9a12a298c2b9300fb5af99a3b38b2abe5b98 lib/Unicornify/URL.pm
+SHA1 26950201abf7203cf20e9c552cc18ffdf0bf01d1 META.yml
+SHA1 a7b7bd01200e13a6745ffb939bc332e3a0592268 lib/Gravatar/URL.pm
+SHA1 2ce4d71a777ff5d809598005f238c5fc401a1647 lib/Libravatar/URL.pm
+SHA1 ee00760fb95aec563a4da0fd6ac247fa90f5920f lib/Unicornify/URL.pm
SHA1 02f21c26f52380259046ea05ae9d560b8a5c5072 t/deprecated.t
SHA1 0250d25f32bcfe6dafab0b3892f4575959ef6890 t/error.t
SHA1 3b4f3259bb95a336b73ecd2c06bf96dd30637a0a t/id.t
-SHA1 33e83ab4d46c39e69472167a55ed5bc920a5d2c7 t/libravatar.t
+SHA1 c1f9d8c33601bda1bc92ca23c1904e62efb36ed2 t/libravatar.t
SHA1 7bdb7b0b2b440eaade3bb2a968c4919c7c2d4666 t/unicornify.t
SHA1 1b8f6257f03be54ba3e0d39973b3ff0113785afa t/url.t
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
-iQIcBAEBCAAGBQJNkWXjAAoJEBYoHy4AfJjRsjoQALAMi12O5P4XYM89vs89bK7r
-lBvaPPZgWqdPN//BaHrycdJyCyutH427NUhO/pgK2mWcdlRv81gcPmnaUrzxxRNr
-2GYPpbf5L90U2C8O3kaggU3Si1R+y1mQutlFgDCtOZrc+9IHD4c8SCT8n/6PqEVr
-2iKgKIPajY9QT3orjlo/DfrJn2gVj46p0HCphuduF+GHf1YEsCkFTwBkON+Je/Lc
-I4m/YMwuV1CZCN68F1Iu0+E2HbJrfqDU24ouj9sQzf7ZwffQX46ufjXpPFNU+tIE
-HM2xKvd2BNx4EQOXQoGsKb/L/gKuHAr+sokJ1xEQzSMvdf6gvEB2Wzo9DBYZQVDC
-HoJDLHvcdy6lZyss7QQVv9va6c3T0AxUP7FAYnt+Cy5QiGPEwy7PkvLAsIimxyZW
-XGfkzeT/Nl9Zz7cWmJxmFltYgsIsFbrUMlpe8wjTq0FNszwELJQcUm1eGtUQKqVp
-xpRSTa28uvx5liwQwHGdGaraYgo8+aynF0TxUKgd0cNrunlHonaNmvrFq9gelSAX
-Nzds2gUywit/luKCOuWg0IS8quofMYBvGByHQwo+geqHSNzanWi3lApyqgi9bgIt
-CAzZPjRb6OLZJvvIpWLZ5LB+ib5VNBcdAI1mbMfjIxIAG7QEE8iJCSqrhCl3v2An
-vFOVcb3OpUjkpMi1AvF7
-=YMWU
+iQIcBAEBCAAGBQJOFD1lAAoJEBYoHy4AfJjRkMgQAKUxU7He/MhwnVnJcKcGmgue
+p8+5QV+1FNktZyRKsjWlQt2ChZ59nyRr7pnV9WVg0ZODcWTNXQYvG40YcaDcXPaC
+GQ41hlbQYusoioY+2YnQckLhP7FPwCrpsTl/IHwW1wg+lj/U4Eb0xLQYQcAVH7Wq
+LFGM/2Gnx1k/y66rlZT292gwSYsP5YOCOQpzzxYzfZs90GRAIFDIljKRs9S5SOWe
+4naOKtMJO6knaMTNI+4zXDJUGUsflnUuJ4PE6KGnToIESlIGyxn9cV2rIkEY/ozL
+7KcNQB/Y+PrgIpZ9kfIv+NT2vR3jJk4CbSj6dUSenN8mtcfWbQ5b6g3SGbuCm9ei
+sdisMmp6eoopdpFtidiItqD3tvibY+a5GMN+pYSvQLEFJUUuHUHwxL/BfAyE9ODk
+mYFXwtzUBN1t4CbSNXDxZ8IZpRWZJerMj+6RX+mgU5N1EKgVj/aXIILxV6gzTvWg
+q09xQDU9ZaN1QDlZ/UGxxCCe29Pqe8R23CGTAGIZwU//uPGxrDc7WR9hzfQMDq9U
+wHw4y0SBW2cYdf08ZjqlRvQN1bXOqRLT9sZOMsPtui3pUQaw2JmP+ob3dYXeytzL
+LavcfhQFoZ4XatdGQzu08UNKc/s2oi4per5ZFi3xWNjBtdJfJFOLDar/e3CpPsem
+4mUio8/ztrDII4m0ao/t
+=r7yG
-----END PGP SIGNATURE-----
Modified: branches/upstream/libgravatar-url-perl/current/lib/Gravatar/URL.pm
URL: http://svn.debian.org/wsvn/pkg-perl/branches/upstream/libgravatar-url-perl/current/lib/Gravatar/URL.pm?rev=77182&op=diff
==============================================================================
--- branches/upstream/libgravatar-url-perl/current/lib/Gravatar/URL.pm (original)
+++ branches/upstream/libgravatar-url-perl/current/lib/Gravatar/URL.pm Thu Jul 7 12:21:20 2011
@@ -7,7 +7,7 @@
use Digest::MD5 qw(md5_hex);
use Carp;
-our $VERSION = '1.04';
+our $VERSION = '1.05';
use parent 'Exporter';
our @EXPORT = qw(
Modified: branches/upstream/libgravatar-url-perl/current/lib/Libravatar/URL.pm
URL: http://svn.debian.org/wsvn/pkg-perl/branches/upstream/libgravatar-url-perl/current/lib/Libravatar/URL.pm?rev=77182&op=diff
==============================================================================
--- branches/upstream/libgravatar-url-perl/current/lib/Libravatar/URL.pm (original)
+++ branches/upstream/libgravatar-url-perl/current/lib/Libravatar/URL.pm Thu Jul 7 12:21:20 2011
@@ -7,7 +7,7 @@
use Digest::SHA qw(sha256_hex);
use Carp;
-our $VERSION = '1.04';
+our $VERSION = '1.05';
use parent 'Exporter';
our @EXPORT = qw(
@@ -197,6 +197,19 @@
return $url;
}
+sub sanitize_target {
+ my ( $target, $port ) = @_;
+
+ unless ( $target =~ m/^[0-9a-zA-Z\-.]+$/ ) {
+ return ( undef, undef );
+ }
+ unless ( $port =~ m/^[0-9]{1,5}$/ ) {
+ return ( undef, undef );
+ }
+
+ return ( $target, $port )
+}
+
sub federated_url {
my %args = @_;
@@ -215,7 +228,7 @@
my $packet = $fast_resolver->query($srv_prefix . '._tcp.' . $domain, 'SRV');
if ( $packet and $packet->answer ) {
- my ( $target, $port ) = srv_hostname($packet->answer);
+ my ( $target, $port ) = sanitize_target(srv_hostname($packet->answer));
return build_url($target, $port, $args{https});
}
return undef;
Modified: branches/upstream/libgravatar-url-perl/current/lib/Unicornify/URL.pm
URL: http://svn.debian.org/wsvn/pkg-perl/branches/upstream/libgravatar-url-perl/current/lib/Unicornify/URL.pm?rev=77182&op=diff
==============================================================================
--- branches/upstream/libgravatar-url-perl/current/lib/Unicornify/URL.pm (original)
+++ branches/upstream/libgravatar-url-perl/current/lib/Unicornify/URL.pm Thu Jul 7 12:21:20 2011
@@ -3,7 +3,7 @@
use strict;
use warnings;
-our $VERSION = '1.04';
+our $VERSION = '1.05';
use Gravatar::URL qw(gravatar_url);
Modified: branches/upstream/libgravatar-url-perl/current/t/libravatar.t
URL: http://svn.debian.org/wsvn/pkg-perl/branches/upstream/libgravatar-url-perl/current/t/libravatar.t?rev=77182&op=diff
==============================================================================
--- branches/upstream/libgravatar-url-perl/current/t/libravatar.t (original)
+++ branches/upstream/libgravatar-url-perl/current/t/libravatar.t Thu Jul 7 12:21:20 2011
@@ -128,6 +128,30 @@
for my $test (@url_tests) {
my ($target, $port, $url) = @$test;
is Libravatar::URL::build_url($target, $port), $url;
+ }
+
+ my @sanitization_tests = (
+ [undef, undef,
+ [undef, undef],
+ ],
+
+ ['example.com', undef,
+ [undef, undef],
+ ],
+
+ ['example.com', 80,
+ ['example.com', 80],
+ ],
+
+ ['example.org', 81,
+ ['example.org', 81],
+ ],
+ );
+
+ for my $test (@sanitization_tests) {
+ my ($target, $port, $pair) = @$test;
+ my @result = Libravatar::URL::sanitize_target($target, $port);
+ is_deeply \@result, $pair;
}
my @srv_tests = (
@@ -213,6 +237,6 @@
is_deeply \@result, $pair;
}
- $test_count = @email_domain_tests + @openid_domain_tests + @lowercase_openid + @url_tests + @srv_tests + 2;
+ $test_count = @email_domain_tests + @openid_domain_tests + @lowercase_openid + @url_tests + @sanitization_tests + @srv_tests + 2;
done_testing($test_count);
}
More information about the Pkg-perl-cvs-commits
mailing list