On Mon, Dec 17, 2018 at 03:21:27AM +0100, Charlene Wendling wrote:
> Hi,
>
> I'm adding the quirks info as well. Can someone check this out please?
OK afresh1@, although I don't have a firm enough grasp on Quirks to know
for sure this is right.
I also don't know whether it should be backported to -stable.
>
> Charlène.
>
>
> Index: devel/quirks/Makefile
> ===================================================================
> RCS file: /cvs/ports/devel/quirks/Makefile,v
> retrieving revision 1.670
> diff -u -p -r1.670 Makefile
> --- devel/quirks/Makefile 17 Dec 2018 01:10:00 -0000 1.670
> +++ devel/quirks/Makefile 17 Dec 2018 02:19:49 -0000
> @@ -5,7 +5,7 @@ CATEGORIES = devel databases
> DISTFILES =
>
> # API.rev
> -PKGNAME = quirks-3.63
> +PKGNAME = quirks-3.64
> PKG_ARCH = *
> MAINTAINER = Marc Espie <espie@openbsd.org>
>
> Index: devel/quirks/files/Quirks.pm
> ===================================================================
> RCS file: /cvs/ports/devel/quirks/files/Quirks.pm,v
> retrieving revision 1.684
> diff -u -p -r1.684 Quirks.pm
> --- devel/quirks/files/Quirks.pm 17 Dec 2018 01:10:00 -0000 1.684
> +++ devel/quirks/files/Quirks.pm 17 Dec 2018 02:19:49 -0000
> @@ -1282,6 +1282,7 @@ my $cve = {
> 'www/iridium' => 'iridium-<2018.5.67',
> 'www/mozilla-firefox' => 'firefox-<62.0.2p0',
> 'www/nginx' => 'nginx-<1.4.1',
> + 'www/p5-Catalyst-Plugin-Static-Simple' => 'p5-Catalyst-Plugin-Static-Simple-<0.36',
> 'www/p5-CGI-Application' => 'p5-CGI-Application-<4.50p0',
> 'www/py-requests' => 'py-requests-<2.20.0',
> 'www/py-requests,python3' => 'py3-requests-<2.20.0',
> Index: www/p5-Catalyst-Plugin-Static-Simple/Makefile
> ===================================================================
> RCS file: /cvs/ports/www/p5-Catalyst-Plugin-Static-Simple/Makefile,v
> retrieving revision 1.15
> diff -u -p -r1.15 Makefile
> --- www/p5-Catalyst-Plugin-Static-Simple/Makefile 20 Mar 2016 19:57:16 -0000 1.15
> +++ www/p5-Catalyst-Plugin-Static-Simple/Makefile 17 Dec 2018 02:19:49 -0000
> @@ -4,8 +4,7 @@ COMMENT= serving static pages with cata
>
> MODULES= cpan
> PKG_ARCH= *
> -DISTNAME= Catalyst-Plugin-Static-Simple-0.29
> -REVISION= 1
> +DISTNAME= Catalyst-Plugin-Static-Simple-0.36
> CATEGORIES= www
>
> # Perl
> @@ -15,9 +14,9 @@ RUN_DEPENDS= devel/p5-Moose \
> devel/p5-MooseX-Types \
> devel/p5-namespace-autoclean \
> www/p5-Catalyst-Runtime>=5.80008 \
> - mail/p5-MIME-Types>=1.25
> + mail/p5-MIME-Types>=2.03
> BUILD_DEPENDS= ${RUN_DEPENDS}
> -TEST_DEPENDS=www/p5-Catalyst-Plugin-SubRequest>=0.15
> +TEST_DEPENDS= www/p5-Catalyst-Plugin-SubRequest>=0.15
>
> MAKE_ENV= TEST_POD=Yes
>
> Index: www/p5-Catalyst-Plugin-Static-Simple/distinfo
> ===================================================================
> RCS file: /cvs/ports/www/p5-Catalyst-Plugin-Static-Simple/distinfo,v
> retrieving revision 1.7
> diff -u -p -r1.7 distinfo
> --- www/p5-Catalyst-Plugin-Static-Simple/distinfo 18 Jan 2015 03:15:43 -0000 1.7
> +++ www/p5-Catalyst-Plugin-Static-Simple/distinfo 17 Dec 2018 02:19:49 -0000
> @@ -1,2 +1,2 @@
> -SHA256 (Catalyst-Plugin-Static-Simple-0.29.tar.gz) = JLCNF2upuiQM6rLZiUalW76SlVp08UT/71LPR4QKUPI=
> -SIZE (Catalyst-Plugin-Static-Simple-0.29.tar.gz) = 36471
> +SHA256 (Catalyst-Plugin-Static-Simple-0.36.tar.gz) = Nrczj5a+9PJoX3pFVbFRl5Oud4O9PW0iyX87cY8wlFQ=
> +SIZE (Catalyst-Plugin-Static-Simple-0.36.tar.gz) = 44538
>
>
>
>
> On Fri, 7 Dec 2018 20:11:14 +0100
> Charlene Wendling wrote:
>
> > Hi ports,
> >
> > I'm proposing here an update for www/p5-Catalyst-Plugin-Static-Simple,
> > from 0.29 to 0.36, that also fixes CVE-2017-16248 [1] (directory
> > traversal) by the way.
> >
> > What's new upstream (full changelog there [2]):
> >
> > - Fix installation for Perl 5.26+
> > - Relax/fix some tests
> > - Change configuration key to 'Plugin::Static::Simple', using the old
> > 'static' will issue a warning
> >
> > What's new in the port:
> >
> > - mail/p5-MIME-Types version requirement bumped
> > - Tiny spacing fix as well
> >
> > Testing:
> >
> > - 'make test' passes
> > - There are 2 consumers, that i've tested [3]:
> > - www/p5-Catalyst-Devel is fine.
> > - devel/catalyst-tutorial has one error, caused by (a probably
> > way too old) www/p5-HTML-FormFu
> >
> > Any comments/feedback is welcome!
> >
> > Charlène.
> >
> > [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16248
> > [2]
> > https://metacpan.org/changes/release/ILMARI/Catalyst-Plugin-Static-Simple-0.36
> > [3] https://transfer.sh/5aESu/p5-Catalyst-Plugin-Static-Simple.tgz
>
--
andrew - http://afresh1.com
At the source of every error which is blamed on the computer, you
will find at least two human errors, including the error of blaming
it on the computer.
No comments:
Post a Comment