rpms/perl-HTTP-Tiny
6
0
Fork 0
Code Issues Pull Requests Releases Activity

0.039 bump

Browse Source
This commit is contained in:
Petr Písař 2013-11-28 13:29:48 +01:00
parent 693e0bc812
commit 4c81294b08
5 changed files with 16 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -9,3 +9,4 @@
/HTTP-Tiny-0.036.tar.gz
/HTTP-Tiny-0.037.tar.gz
/HTTP-Tiny-0.038.tar.gz
/HTTP-Tiny-0.039.tar.gz

45
HTTP-Tiny-0.038-Do-not-use-already-existing-temporary-files.patch
View File

@ -1,45 +0,0 @@
From 5391d7a3c315afbdfb56d68b729cd20c0c6a893d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
Date: Wed, 27 Nov 2013 10:58:07 +0100
Subject: [PATCH 2/2] Do not use already existing temporary files
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
mirror() method tries to create a new temporary file as can be
concluded by using random name.
To prevent from from attacks, one has to make sure the file does not
exist. This patch creates temporary files with O_CREAT|O_EXCL mode.
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
lib/HTTP/Tiny.pm | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/HTTP/Tiny.pm b/lib/HTTP/Tiny.pm
index 48763ff..04c4858 100644
--- a/lib/HTTP/Tiny.pm
+++ b/lib/HTTP/Tiny.pm
@@ -6,6 +6,7 @@ use warnings;
our $VERSION = '0.038'; # VERSION
use Carp ();
+use Fcntl ();
my @attributes;
@@ -113,8 +114,8 @@ sub mirror {
$args->{headers}{'if-modified-since'} ||= $self->_http_date($mtime);
}
my $tempfile = $file . int(rand(2**31));
- open my $fh, ">", $tempfile
- or Carp::croak(qq/Error: Could not open temporary file $tempfile for downloading: $!\n/);
+ sysopen my $fh, $tempfile, Fcntl::O_CREAT|Fcntl::O_EXCL|Fcntl::O_WRONLY
+ or Carp::croak(qq/Error: Could not create temporary file $tempfile for downloading: $!\n/);
binmode $fh;
$args->{data_callback} = sub {
print {$fh} $_[0]
--
1.8.3.1

14
HTTP-Tiny-0.038-Croak-on-failed-write-into-a-file.patch → HTTP-Tiny-0.039-Croak-on-failed-write-into-a-file.patch
View File

@ -1,7 +1,7 @@
From 4ead7785b495b48f027f77abe2b1173f3c05f02c Mon Sep 17 00:00:00 2001
From 2dba24236cf734ce89a058541815eef2eb59475c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
Date: Wed, 27 Nov 2013 10:45:39 +0100
Subject: [PATCH 1/2] Croak on failed write into a file
Subject: [PATCH] Croak on failed write into a file
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
@ -16,12 +16,12 @@ Signed-off-by: Petr Písař <ppisar@redhat.com>
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/lib/HTTP/Tiny.pm b/lib/HTTP/Tiny.pm
index 0178d65..48763ff 100644
index bb824c2..9d98e1f 100644
--- a/lib/HTTP/Tiny.pm
+++ b/lib/HTTP/Tiny.pm
@@ -116,7 +116,10 @@ sub mirror {
open my $fh, ">", $tempfile
or Carp::croak(qq/Error: Could not open temporary file $tempfile for downloading: $!\n/);
@@ -118,7 +118,10 @@ sub mirror {
sysopen my $fh, $tempfile, Fcntl::O_CREAT()|Fcntl::O_EXCL()|Fcntl::O_WRONLY()
or Carp::croak(qq/Error: Could not create temporary file $tempfile for downloading: $!\n/);
binmode $fh;
- $args->{data_callback} = sub { print {$fh} $_[0] };
+ $args->{data_callback} = sub {
@ -30,7 +30,7 @@ index 0178d65..48763ff 100644
+ };
my $response = $self->request('GET', $url, $args);
close $fh
or Carp::croak(qq/Error: Could not close temporary file $tempfile: $!\n/);
or Carp::croak(qq/Error: Caught error closing temporary file $tempfile: $!\n/);
--
1.8.3.1

14
perl-HTTP-Tiny.spec
View File

@ -1,6 +1,6 @@
Name: perl-HTTP-Tiny
Version: 0.038
Release: 2%{?dist}
Version: 0.039
Release: 1%{?dist}
Summary: Small, simple, correct HTTP/1.1 client
License: GPL+ or Artistic
Group: Development/Libraries
@ -8,10 +8,7 @@ URL: http://search.cpan.org/dist/HTTP-Tiny/
Source0: http://www.cpan.org/authors/id/D/DA/DAGOLDEN/HTTP-Tiny-%{version}.tar.gz
# Check for write failure, bug #1031096,
# <https://github.com/chansen/p5-http-tiny/issues/32>
Patch0: HTTP-Tiny-0.038-Croak-on-failed-write-into-a-file.patch
# Do not use already existing temporary files, bug #1031096,
# <https://github.com/chansen/p5-http-tiny/issues/32>
Patch1: HTTP-Tiny-0.038-Do-not-use-already-existing-temporary-files.patch
Patch0: HTTP-Tiny-0.039-Croak-on-failed-write-into-a-file.patch
BuildArch: noarch
BuildRequires: perl
BuildRequires: perl(ExtUtils::MakeMaker) >= 6.17
@ -45,6 +42,7 @@ BuildRequires: perl(IO::Socket::INET)
BuildRequires: perl(IPC::Cmd)
Requires: perl(:MODULE_COMPAT_%(eval "`perl -V:version`"; echo $version))
Requires: perl(bytes)
Requires: perl(Fcntl)
Requires: perl(MIME::Base64)
Requires: perl(Time::Local)
@ -59,7 +57,6 @@ resumes after EINTR.
%prep
%setup -q -n HTTP-Tiny-%{version}
%patch0 -p1
%patch1 -p1
%build
perl Makefile.PL INSTALLDIRS=vendor
@ -79,6 +76,9 @@ make test
%{_mandir}/man3/*
%changelog
* Thu Nov 28 2013 Petr Pisar <ppisar@redhat.com> - 0.039-1
- 0.039 bump
* Wed Nov 27 2013 Petr Pisar <ppisar@redhat.com> - 0.038-2
- Croak on failed write into a file (bug #1031096)
- Do not use already existing temporary files (bug #1031096)

2
sources
View File

@ -1 +1 @@
55f73a9b1cc9843e307487d2d7fe637a HTTP-Tiny-0.038.tar.gz
322bcc9567cc2c8d6202e0cb4a9528cc HTTP-Tiny-0.039.tar.gz