diff options
| author | Stig Palmquist <stig@stig.io> | 2021-04-05 18:02:52 +0200 |
|---|---|---|
| committer | Stig Palmquist <stig@stig.io> | 2021-04-05 18:02:52 +0200 |
| commit | 8fca47fdc1ff4adecc9446b8f60f11494c405d32 (patch) | |
| tree | d12d15323170a1b900acad4d1f4c1d8681e0146b /pkgs/development/perl-modules | |
| parent | 3d1a7716d7f1fccbd7d30ab3b2ed3db831f43bde (diff) | |
perlPackages.NetCIDRLite: 0.21 -> 0.22
Removed patch that is now in upstream
Diffstat (limited to 'pkgs/development/perl-modules')
| -rw-r--r-- | pkgs/development/perl-modules/Net-CIDR-Lite-prevent-leading-zeroes-ipv4.patch | 53 |
1 files changed, 0 insertions, 53 deletions
diff --git a/pkgs/development/perl-modules/Net-CIDR-Lite-prevent-leading-zeroes-ipv4.patch b/pkgs/development/perl-modules/Net-CIDR-Lite-prevent-leading-zeroes-ipv4.patch deleted file mode 100644 index 337111b6c0409..0000000000000 --- a/pkgs/development/perl-modules/Net-CIDR-Lite-prevent-leading-zeroes-ipv4.patch +++ /dev/null @@ -1,53 +0,0 @@ -From 734d31aa2f65b69f5558b9b0dd67af0461ca7f80 Mon Sep 17 00:00:00 2001 -From: Stig Palmquist <stig@stig.io> -Date: Tue, 30 Mar 2021 12:13:37 +0200 -Subject: [PATCH] Security: Prevent leading zeroes in ipv4 octets - -https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/ -Related to CVE-2021-28918 ---- - Lite.pm | 2 +- - t/base.t | 13 ++++++++++++- - 2 files changed, 13 insertions(+), 2 deletions(-) - -diff --git a/Lite.pm b/Lite.pm -index fd6df73..d44f881 100644 ---- a/Lite.pm -+++ b/Lite.pm -@@ -181,7 +181,7 @@ sub _pack_ipv4 { - my @nums = split /\./, shift(), -1; - return unless @nums == 4; - for (@nums) { -- return unless /^\d{1,3}$/ and $_ <= 255; -+ return unless /^\d{1,3}$/ and !/^0\d{1,2}$/ and $_ <= 255; - } - pack("CC*", 0, @nums); - } -diff --git a/t/base.t b/t/base.t -index cf32c5e..292456d 100644 ---- a/t/base.t -+++ b/t/base.t -@@ -8,7 +8,7 @@ - use Test; - use strict; - $|++; --BEGIN { plan tests => 39 }; -+BEGIN { plan tests => 42 }; - use Net::CIDR::Lite; - ok(1); # If we made it this far, we are ok. - -@@ -133,3 +133,14 @@ ok(join(', ', @list_short_range), '10.0.0.1-2, 10.0.0.5'); - })->list_short_range; - ok(join(', ', @list_short_range), '10.0.0.250-255, 10.0.1.0-20, 10.0.1.22, 10.0.2.250-255, 10.0.3.0-255, 10.0.4.0-255, 10.0.5.0-8'); - -+ -+# Tests for vulnerability: https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/ -+eval { Net::CIDR::Lite->new("010.0.0.0/8") }; -+ok($@=~/Can't determine ip format/); -+ -+my $err_octal = Net::CIDR::Lite->new; -+eval { $err_octal->add("010.0.0.0/8") }; -+ok($@=~/Can't determine ip format/); -+ -+eval { $err_octal->add("10.01.0.0/8") }; -+ok($@=~/Can't determine ip format/); |