gentoo resync : 14.07.2018

1 files changed, 0 insertions, 31 deletions

diff --git a/dev-perl/HTTP-Body/files/HTTP-Body-1.190.0-CVE-2013-4407.patch b/dev-perl/HTTP-Body/files/HTTP-Body-1.190.0-CVE-2013-4407.patch
deleted file mode 100644
index 292cac3aa6f4..000000000000
--- a/dev-perl/HTTP-Body/files/HTTP-Body-1.190.0-CVE-2013-4407.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-Description: Allow only word characters in filename suffixes
- CVE-2013-4407: Allow only word characters in filename suffixes. An
- attacker able to upload files to a service that uses
- HTTP::Body::Multipart could use this issue to upload a file and create
- a specifically-crafted temporary filename on the server, that when
- processed without further validation, could allow execution of commands
- on the server.
-Origin: vendor
-Bug: https://rt.cpan.org/Ticket/Display.html?id=88342
-Bug-Debian: http://bugs.debian.org/721634
-Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1005669
-Forwarded: no
-Author: Salvatore Bonaccorso <carnil@debian.org>
-Last-Update: 2013-10-21
-
-Updated by Andreas K. Huettel <dilfridge@gentoo.org> for HTTP-Body-1.19
-
-diff -ruN HTTP-Body-1.19.orig/lib/HTTP/Body/MultiPart.pm HTTP-Body-1.19/lib/HTTP/Body/MultiPart.pm
---- HTTP-Body-1.19.orig/lib/HTTP/Body/MultiPart.pm	2013-12-06 16:07:25.000000000 +0100
-+++ HTTP-Body-1.19/lib/HTTP/Body/MultiPart.pm	2014-11-30 23:17:19.652051615 +0100
-@@ -258,8 +258,8 @@
- 
- =cut
- 
--our $basename_regexp = qr/[^.]+(\.[^\\\/]+)$/;
--#our $basename_regexp = qr/(\.\w+(?:\.\w+)*)$/;
-+#our $basename_regexp = qr/[^.]+(\.[^\\\/]+)$/;
-+our $basename_regexp = qr/(\.\w+(?:\.\w+)*)$/;
- 
- sub handler {
-     my ( $self, $part ) = @_;