author | kuriyama <kuriyama@FreeBSD.org> | 2010-01-20 09:21:26 +0800 |
---|---|---|
committer | kuriyama <kuriyama@FreeBSD.org> | 2010-01-20 09:21:26 +0800 |
commit | cdd8f0569bf3a1c68659794fe387ae6d9a8230f0 (patch) | |
tree | caf87b1304cb1af5061621cf42b5bef4d82a63c5 /security/p5-Authen-Captcha | |
parent | 4e857ef7d8b71c4798f5f372e991489d3fd28f46 (diff) | |
- Update patch for more strict untainting.
Reported by: Geraint Edwards <gedge@yadn.org>
Obtained from: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=409731
Diffstat (limited to 'security/p5-Authen-Captcha')
-rw-r--r-- | security/p5-Authen-Captcha/Makefile | 2 | ||||
-rw-r--r-- | security/p5-Authen-Captcha/files/patch-Captcha.pm | 40 |
2 files changed, 30 insertions, 12 deletions
diff --git a/security/p5-Authen-Captcha/Makefile b/security/p5-Authen-Captcha/Makefile index 253bba7c3c5a..4ab3046221eb 100644 --- a/security/p5-Authen-Captcha/Makefile +++ b/security/p5-Authen-Captcha/Makefile @@ -7,7 +7,7 @@ PORTNAME= Authen-Captcha PORTVERSION= 1.023 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= security perl5 MASTER_SITES= CPAN PKGNAMEPREFIX= p5- diff --git a/security/p5-Authen-Captcha/files/patch-Captcha.pm b/security/p5-Authen-Captcha/files/patch-Captcha.pm index def3c22c00a9..f4ee557c350c 100644 --- a/security/p5-Authen-Captcha/files/patch-Captcha.pm +++ b/security/p5-Authen-Captcha/files/patch-Captcha.pm @@ -1,6 +1,6 @@ ---- Captcha.pm.orig Mon May 10 10:58:05 2004 -+++ Captcha.pm Mon May 10 11:06:24 2004 -@@ -65,6 +65,7 @@ sub new +--- Captcha.pm.orig 2003-12-18 13:44:34.000000000 +0900 ++++ Captcha.pm 2010-01-19 18:52:23.656183439 +0900 +@@ -65,6 +65,7 @@ my $keep_failures = (defined($opts{keep_failures}) && $opts{keep_failures}) ? 1 : 0; $self->keep_failures($keep_failures); @@ -8,7 +8,7 @@ # create a random seed if perl version less than 5.004 if ($] < 5.005) -@@ -193,6 +194,18 @@ sub data_folder +@@ -193,6 +194,18 @@ } } @@ -27,7 +27,7 @@ sub check_code { -@@ -214,7 +227,7 @@ sub check_code +@@ -214,7 +227,7 @@ # they could be confused with (o) and (l), so we swap them in $code =~ tr/01/ol/; 
@@ -36,7 +36,25 @@ # pull in current database warn "Open File: $database_file\n" if($self->debug() >= 2); -@@ -490,7 +503,7 @@ sub generate_code +@@ -232,7 +245,7 @@ + foreach my $line (@data) + { + $line =~ s/\n//; +- my ($data_time,$data_code) = split(/::/,$line); ++ my ($data_time,$data_code) = $line =~ m/(^\d+)::([[:xdigit:]]{32})$/; + + my $png_file = File::Spec->catfile($self->output_folder(),$data_code . ".png"); + if ($data_code eq $crypt) +@@ -351,7 +364,7 @@ + foreach my $line (@data) + { + $line =~ s/\n//; +- my ($data_time,$data_code) = split(/::/,$line); ++ my ($data_time,$data_code) = $line =~ m/(^\d+)::([[:xdigit:]]{32})$/; + if ( (($current_time - $data_time) > ($self->expire())) || + ($data_code eq $md5) ) + { # remove expired captcha, or a dup +@@ -490,7 +503,7 @@ my $length = shift; my $code = $self->generate_random_string($length); @@ -45,7 +63,7 @@ my ($captcha_data_ref,$output_filename); if ($self->type() eq 'image') -@@ -625,6 +638,7 @@ See the method descriptions for more det +@@ -625,6 +638,7 @@ height => 35, # optional. default 35 images_folder => '/some/folder', # optional. default to lib dir keep_failures => 0, # optional, defaults to 0(false) @@ -53,11 +71,10 @@ debug => 0, # optional. default 0 =back -@@ -694,6 +708,14 @@ Optional. Number of pixels wide for the - =item C<$captcha-E<gt>keep_failures( [0|1] );> +@@ -695,6 +709,14 @@ Optional. Defaults to zero. This option controls whether or not the captcha will remain valid after a failed attempt. By default, we only allow one attempt to solve it. This greatly reduces the possibility that a bot could brute force a correct answer. Change it at your own risk. -+ + +=item C<$captcha-E<gt>secret( "SuperSecret" );> + +Optional. Defaults to an empty string. This option is meant to prevent 
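Review bot: A database line that does not match the new pattern leaves `$data_time` and `$data_code` undefined, and both loops that received the change (the inner hunks at -232 and -351) go on to use them. In the first, `$data_code . ".png"` then builds a path ending in a bare `.png`; in the second, `$current_time - $data_time` computes with undef as 0. The match should be checked before the captures are used, for example `next unless defined $data_code;` directly after the assignment. Whether skipping is the right handling in the second loop needs confirming, because both loop bodies continue outside the hunk. For untainting it is also cleaner to anchor outside the capture and reject a trailing newline: `m/\A(\d+)::([[:xdigit:]]{32})\z/`.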
@@ -65,6 +82,7 @@ +valid codes and comparing them with the image file name. Obviously, the +secret should be the same for creating and checking the captcha. It is a +good idea to set it to something else than the default. - ++ =item C<$captcha-E<gt>debug( [0|1|2] );> + Optional. |