Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package perl-CGI-Simple for openSUSE:Factory
checked in at 2025-10-11 22:49:12
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/perl-CGI-Simple (Old)
and /work/SRC/openSUSE:Factory/.perl-CGI-Simple.new.5300 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "perl-CGI-Simple"
Sat Oct 11 22:49:12 2025 rev:31 rq:1310605 version:1.282.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/perl-CGI-Simple/perl-CGI-Simple.changes
2024-03-09 20:55:42.864850745 +0100
+++
/work/SRC/openSUSE:Factory/.perl-CGI-Simple.new.5300/perl-CGI-Simple.changes
2025-10-11 22:50:25.733747087 +0200
@@ -1,0 +2,12 @@
+Mon Sep 8 12:08:27 UTC 2025 - Tina Müller <[email protected]>
+
+- updated to 1.282.0 (1.282)
+ see /usr/share/doc/packages/perl-CGI-Simple/Changes
+
+ 1.282 2025-08-28 MANWAR
+ - Sanitize all user-supplied values before inserting into HTTP headers.
+ Thanks Maxim Kosenko for raising the issue with recommended solution.
+ Thanks breno for the patch.
+ Thanks Stig Palmquist for assiginig it CVE-2025-40927.
+
+-------------------------------------------------------------------
Old:
----
CGI-Simple-1.281.tar.gz
New:
----
CGI-Simple-1.282.tar.gz
README.md
_scmsync.obsinfo
build.specials.obscpio
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ perl-CGI-Simple.spec ++++++
--- /var/tmp/diff_new_pack.z1mDKu/_old 2025-10-11 22:50:26.581782689 +0200
+++ /var/tmp/diff_new_pack.z1mDKu/_new 2025-10-11 22:50:26.585782857 +0200
@@ -1,7 +1,7 @@
#
# spec file for package perl-CGI-Simple
#
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC and contributors
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -18,14 +18,16 @@
%define cpan_name CGI-Simple
Name: perl-CGI-Simple
-Version: 1.281.0
+Version: 1.282.0
Release: 0
-%define cpan_version 1.281
+# 1.282 -> normalize -> 1.282.0
+%define cpan_version 1.282
License: Artistic-1.0 OR GPL-1.0-or-later
Summary: Object-oriented CGI interface compliant to CGI.pm
URL: https://metacpan.org/release/%{cpan_name}
Source0:
https://cpan.metacpan.org/authors/id/M/MA/MANWAR/%{cpan_name}-%{cpan_version}.tar.gz
Source1: cpanspec.yml
+Source100: README.md
BuildArch: noarch
BuildRequires: perl
BuildRequires: perl-macros
@@ -59,7 +61,7 @@
CGI.pm depending on the precise task.
%prep
-%autosetup -n %{cpan_name}-%{cpan_version}
+%autosetup -n %{cpan_name}-%{cpan_version} -p1
%build
perl Makefile.PL INSTALLDIRS=vendor
++++++ CGI-Simple-1.281.tar.gz -> CGI-Simple-1.282.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/CGI-Simple-1.281/Changes new/CGI-Simple-1.282/Changes
--- old/CGI-Simple-1.281/Changes 2024-01-31 15:16:26.000000000 +0100
+++ new/CGI-Simple-1.282/Changes 2025-08-28 21:10:33.000000000 +0200
@@ -1,5 +1,11 @@
Revision history for Perl extension CGI::Simple.
+1.282 2025-08-28 MANWAR
+ - Sanitize all user-supplied values before inserting into HTTP headers.
+ Thanks Maxim Kosenko for raising the issue with recommended solution.
+ Thanks breno for the patch.
+ Thanks Stig Palmquist for assiginig it CVE-2025-40927.
+
1.281 2024-01-31 MANWAR
- RT-151161 Add CGI::Cookie partitioned support, PR #14, thanks
@ldevantier-doseme.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/CGI-Simple-1.281/MANIFEST
new/CGI-Simple-1.282/MANIFEST
--- old/CGI-Simple-1.281/MANIFEST 2024-01-31 15:17:15.000000000 +0100
+++ new/CGI-Simple-1.282/MANIFEST 2025-08-28 21:11:51.000000000 +0200
@@ -5,7 +5,7 @@
lib/CGI/Simple/Standard.pm
lib/CGI/Simple/Util.pm
Makefile.PL
-MANIFEST This list of files
+MANIFEST This list of files
README
t/000.load.t
t/020.cookie.t
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/CGI-Simple-1.281/META.json
new/CGI-Simple-1.282/META.json
--- old/CGI-Simple-1.281/META.json 2024-01-31 15:17:15.000000000 +0100
+++ new/CGI-Simple-1.282/META.json 2025-08-28 21:11:51.000000000 +0200
@@ -4,7 +4,7 @@
"Andy Armstrong <[email protected]>"
],
"dynamic_config" : 1,
- "generated_by" : "ExtUtils::MakeMaker version 7.34, CPAN::Meta::Converter
version 2.150010",
+ "generated_by" : "ExtUtils::MakeMaker version 7.70, CPAN::Meta::Converter
version 2.150010",
"license" : [
"perl_5"
],
@@ -48,6 +48,6 @@
"x_license" : "http://dev.perl.org/licenses/"
}
},
- "version" : "1.281",
- "x_serialization_backend" : "JSON::PP version 4.02"
+ "version" : "1.282",
+ "x_serialization_backend" : "JSON::PP version 4.16"
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/CGI-Simple-1.281/META.yml
new/CGI-Simple-1.282/META.yml
--- old/CGI-Simple-1.281/META.yml 2024-01-31 15:17:13.000000000 +0100
+++ new/CGI-Simple-1.282/META.yml 2025-08-28 21:11:51.000000000 +0200
@@ -11,7 +11,7 @@
configure_requires:
ExtUtils::MakeMaker: '0'
dynamic_config: 1
-generated_by: 'ExtUtils::MakeMaker version 7.34, CPAN::Meta::Converter version
2.150010'
+generated_by: 'ExtUtils::MakeMaker version 7.70, CPAN::Meta::Converter version
2.150010'
license: perl
meta-spec:
url: http://module-build.sourceforge.net/META-spec-v1.4.html
@@ -23,5 +23,5 @@
- inc
resources:
repository: http://github.com/manwar/CGI--Simple.git
-version: '1.281'
+version: '1.282'
x_serialization_backend: 'CPAN::Meta::YAML version 0.018'
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/CGI-Simple-1.281/lib/CGI/Simple/Cookie.pm
new/CGI-Simple-1.282/lib/CGI/Simple/Cookie.pm
--- old/CGI-Simple-1.281/lib/CGI/Simple/Cookie.pm 2024-01-31
15:12:53.000000000 +0100
+++ new/CGI-Simple-1.282/lib/CGI/Simple/Cookie.pm 2025-08-28
21:03:30.000000000 +0200
@@ -13,7 +13,7 @@
use strict;
use warnings;
use vars '$VERSION';
-$VERSION = '1.281';
+$VERSION = '1.282';
use CGI::Simple::Util qw(rearrange unescape escape);
use overload '""' => \&as_string, 'cmp' => \&compare, 'fallback' => 1;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/CGI-Simple-1.281/lib/CGI/Simple/Standard.pm
new/CGI-Simple-1.282/lib/CGI/Simple/Standard.pm
--- old/CGI-Simple-1.281/lib/CGI/Simple/Standard.pm 2024-01-31
15:12:53.000000000 +0100
+++ new/CGI-Simple-1.282/lib/CGI/Simple/Standard.pm 2025-08-28
21:03:30.000000000 +0200
@@ -8,7 +8,7 @@
$NO_UNDEF_PARAMS $USE_PARAM_SEMICOLONS $HEADERS_ONCE
$NPH $DEBUG $NO_NULL $FATAL *in %EXPORT_TAGS $AUTOLOAD );
-$VERSION = "1.281";
+$VERSION = "1.282";
%EXPORT_TAGS = (
':html' => [qw(:misc)],
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/CGI-Simple-1.281/lib/CGI/Simple/Util.pm
new/CGI-Simple-1.282/lib/CGI/Simple/Util.pm
--- old/CGI-Simple-1.281/lib/CGI/Simple/Util.pm 2024-01-31 15:12:53.000000000
+0100
+++ new/CGI-Simple-1.282/lib/CGI/Simple/Util.pm 2025-08-28 21:03:30.000000000
+0200
@@ -2,7 +2,7 @@
use strict;
use warnings;
use vars qw( $VERSION @EXPORT_OK @ISA $UTIL );
-$VERSION = '1.281';
+$VERSION = '1.282';
require Exporter;
@ISA = qw( Exporter );
@EXPORT_OK = qw(
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/CGI-Simple-1.281/lib/CGI/Simple.pm
new/CGI-Simple-1.282/lib/CGI/Simple.pm
--- old/CGI-Simple-1.281/lib/CGI/Simple.pm 2024-01-31 15:12:53.000000000
+0100
+++ new/CGI-Simple-1.282/lib/CGI/Simple.pm 2025-08-28 21:03:30.000000000
+0200
@@ -13,7 +13,7 @@
$NO_UNDEF_PARAMS, $USE_PARAM_SEMICOLONS, $PARAM_UTF8, $HEADERS_ONCE,
$NPH, $DEBUG, $NO_NULL, $FATAL);
-$VERSION = "1.281";
+$VERSION = "1.282";
# you can hard code the global variable settings here if you want.
# warning - do not delete the unless defined $VAR part unless you
@@ -998,6 +998,7 @@
);
my $CRLF = $self->crlf;
+ my $ALL_POSSIBLE_CRLF = qr/(?:\r\n|\n|\015\012)/;
# CR escaping for values, per RFC 822
for my $header (
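Review bot: The new `$ALL_POSSIBLE_CRLF` pattern does not match a lone carriage return, so a header value containing `\r` with no following `\n` still passes the `m/$ALL_POSSIBLE_CRLF/` check in the next hunk. On ASCII platforms `\r\n` and `\015\012` are the same two bytes, so the third alternative adds nothing there. Because some HTTP receivers are reported to treat a bare CR as a line break, I would make the post-unfolding check reject any leftover CR or LF, e.g. `if ( $header =~ m/[\015\012]/ ) {`, and keep the unfolding substitution as written. The enclosing sub and the `for my $header (...)` loop start and end outside these hunks, so this rests only on the visible lines.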
@@ -1007,11 +1008,12 @@
if ( defined $header ) {
# From RFC 822:
# Unfolding is accomplished by regarding CRLF immediately
- # followed by a LWSP-char as equivalent to the LWSP-char.
- $header =~ s/$CRLF(\s)/$1/g;
+ # followed by a LWSP-char as equivalent to the LWSP-char
+ # (defined in the RFC as a space or a horizontal tab).
+ $header =~ s/$ALL_POSSIBLE_CRLF([ \t])/$1/g;
# All other uses of newlines are invalid input.
- if ( $header =~ m/$CRLF/ ) {
+ if ( $header =~ m/$ALL_POSSIBLE_CRLF/ ) {
# shorten very long values in the diagnostic
$header = substr( $header, 0, 72 ) . '...'
if ( length $header > 72 );
@@ -1491,7 +1493,7 @@
=head1 VERSION
-This document describes CGI::Simple version 1.281.
+This document describes CGI::Simple version 1.282.
=head1 SYNOPSIS
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/CGI-Simple-1.281/t/120.header-crlf.t
new/CGI-Simple-1.282/t/120.header-crlf.t
--- old/CGI-Simple-1.281/t/120.header-crlf.t 2022-01-02 18:51:35.000000000
+0100
+++ new/CGI-Simple-1.282/t/120.header-crlf.t 2025-08-28 21:02:40.000000000
+0200
@@ -1,5 +1,5 @@
use strict;
-use Test::More tests => 2;
+use Test::More tests => 9;
use Test::Exception;
use CGI::Simple;
@@ -7,14 +7,26 @@
my $CRLF = $cgi->crlf;
-is( $cgi->header( '-Test' => "test$CRLF part" ),
- "Test: test part"
+my %possible_crlf = (
+ '\n' => "\n",
+ '\r\n' => "\r\n",
+ '\015\012' => "\015\012",
+);
+for my $k (sort keys %possible_crlf) {
+ is(
+ $cgi->header( '-Test' => "test$possible_crlf{$k} part" ),
+ "Test: test part"
. $CRLF
. 'Content-Type: text/html; charset=ISO-8859-1'
. $CRLF
- . $CRLF
-);
+ . $CRLF,
+ "header value with $k + space drops the $k and is valid"
+ );
-throws_ok { $cgi->header( '-Test' => "test$CRLF$CRLF part" ) }
-qr/Invalid header value contains a newline not followed by whitespace:
test="test/,
- 'invalid CRLF caught';
+ throws_ok { $cgi->header( '-Test' =>
"test$possible_crlf{$k}$possible_crlf{$k} part" ) }
+ qr/Invalid header value contains a newline not followed by whitespace:
test="test/,
+ 'invalid CRLF caught for double ' . $k;
+ throws_ok { $cgi->header( '-Test' => "test$possible_crlf{$k}part" ) }
+ qr/Invalid header value contains a newline not followed by whitespace:
test="test/,
+ "invalid $k caught not followed by whitespace";
+}
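Review bot: The `%possible_crlf` table covers fewer distinct inputs than its three keys suggest, because on ASCII platforms `"\r\n"` and `"\015\012"` are the same string and three of the nine assertions repeat another three. No case passes a lone `"\r"` to `header()`, which is the one line-terminator form the pattern in lib/CGI/Simple.pm does not match. I would add a rejection case outside the loop, e.g. `throws_ok { $cgi->header( '-Test' => "test\rpart" ) } qr/Invalid header value/, 'bare CR caught';`, and raise the plan in the previous hunk to `tests => 10`. That assertion is expected to fail until the check in Simple.pm also covers `\r`.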
++++++ README.md ++++++
## Build Results
Current state of perl in openSUSE:Factory is

The current state of perl in the devel project build (devel:languages:perl)

++++++ _scmsync.obsinfo ++++++
mtime: 1757333308
commit: ea334f18975c49426500a486376dd9331b9eb9633c9f36db8068926cb3e321b7
url: https://src.opensuse.org/perl/perl-CGI-Simple.git
revision: ea334f18975c49426500a486376dd9331b9eb9633c9f36db8068926cb3e321b7
projectscmsync: https://src.opensuse.org/perl/_ObsPrj
++++++ build.specials.obscpio ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/.gitignore new/.gitignore
--- old/.gitignore 1970-01-01 01:00:00.000000000 +0100
+++ new/.gitignore 2025-10-10 12:03:41.000000000 +0200
@@ -0,0 +1 @@
+.osc