On Sun, 6 Jan 2019 19:51:25 -0700 Andrew Hewus Fresh wrote: > On Mon, Dec 17, 2018 at 03:21:27AM +0100, Charlene Wendling wrote: > > Hi, > > > > I'm adding the quirks info as well. Can someone check this out > > please? > > OK afresh1@, although I don't have a firm enough grasp on Quirks to > know for sure this is right. > > I also don't know whether it should be backported to -stable. >
Same here, but i still made a diff for -stable as an exercise when it happened, if needed :) Charlène. Index: Makefile =================================================================== RCS file: /cvs/ports/www/p5-Catalyst-Plugin-Static-Simple/Makefile,v retrieving revision 1.15 diff -u -p -u -p -r1.15 Makefile --- Makefile 20 Mar 2016 19:57:16 -0000 1.15 +++ Makefile 7 Dec 2018 22:43:49 -0000 @@ -5,7 +5,7 @@ COMMENT= serving static pages with cata MODULES= cpan PKG_ARCH= * DISTNAME= Catalyst-Plugin-Static-Simple-0.29 -REVISION= 1 +REVISION= 2 CATEGORIES= www # Perl @@ -17,7 +17,7 @@ RUN_DEPENDS= devel/p5-Moose \ www/p5-Catalyst-Runtime>=5.80008 \ mail/p5-MIME-Types>=1.25 BUILD_DEPENDS= ${RUN_DEPENDS} -TEST_DEPENDS=www/p5-Catalyst-Plugin-SubRequest>=0.15 +TEST_DEPENDS= www/p5-Catalyst-Plugin-SubRequest>=0.15 MAKE_ENV= TEST_POD=Yes Index: patches/patch-lib_Catalyst_Plugin_Static_Simple_pm =================================================================== RCS file: patches/patch-lib_Catalyst_Plugin_Static_Simple_pm diff -N patches/patch-lib_Catalyst_Plugin_Static_Simple_pm --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-lib_Catalyst_Plugin_Static_Simple_pm 7 Dec 2018 22:43:49 -0000 @@ -0,0 +1,15 @@ +$OpenBSD$ +Fix for CVE-2017-16248 +Can be dropped with version>=0.34 +Index: lib/Catalyst/Plugin/Static/Simple.pm +--- lib/Catalyst/Plugin/Static/Simple.pm.orig ++++ lib/Catalyst/Plugin/Static/Simple.pm +@@ -54,7 +54,7 @@ before prepare_action => sub { + } + + # Does the path have an extension? +- if ( $path =~ /.*\.(\S{1,})$/xms ) { ++ if ( $path =~ /\.([^\/\\]+)$/m ) { + # and does it exist? + $c->_locate_static_file( $path ); + } [diff zapped] > andrew - http://afresh1.com > > At the source of every error which is blamed on the computer, you > will find at least two human errors, including the error of blaming > it on the computer. >