diff --git a/lwp-untaint.patch b/lwp-untaint.patch new file mode 100644 index 0000000..0f05445 --- /dev/null +++ b/lwp-untaint.patch @@ -0,0 +1,13 @@ +diff --git a/lib/HTTP/Message.pm b/lib/HTTP/Message.pm +index 12acdfa..4c15fb2 100644 +--- a/lib/HTTP/Message.pm ++++ b/lib/HTTP/Message.pm +@@ -404,7 +404,7 @@ sub _stale_content { + # delegate all other method calls the the _headers object. + sub AUTOLOAD + { +- my $method = substr($AUTOLOAD, rindex($AUTOLOAD, '::')+2); ++ my ($method) = ($AUTOLOAD =~ /^.*::(.+)$/); # untaint + return if $method eq "DESTROY"; + + # We create the function here so that it will not need to be diff --git a/perl-libwww-perl.spec b/perl-libwww-perl.spec index 4efbd2f..78c3b52 100644 --- a/perl-libwww-perl.spec +++ b/perl-libwww-perl.spec @@ -1,6 +1,6 @@ Name: perl-libwww-perl Version: 5.814 -Release: 1%{?dist} +Release: 2%{?dist} Summary: A Perl interface to the World-Wide Web Group: Development/Libraries @@ -14,6 +14,7 @@ Source0: http://www.cpan.org/authors/id/G/GA/GAAS/libwww-perl-%{version}. # about being lazy and skipping these instead of figuring out why they # fail in mock and not on my box. Patch1: perl-libwww-perl-5.808-skip-message-tests.patch +Patch2: lwp-untaint.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildArch: noarch @@ -36,6 +37,7 @@ help you implement simple HTTP servers. %prep %setup -q -n libwww-perl-%{version} ##%patch1 -p1 +%patch2 -p1 # Install the aliases by default %{__perl} -pi -e 's|my \$default = "n";|my \$default = "y";|' Makefile.PL @@ -114,6 +116,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Thu Sep 18 2008 Marcela Maslanova 5.814-2 +- use untaint patch from Villa Skyte + * Thu Sep 18 2008 Marcela Maslanova 5.814-1 - update to 5.814 - remove patch, now we have all upstream tests on