Accepting request 1281384 from devel:languages:perl
OBS-URL: https://build.opensuse.org/request/show/1281384 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/perl-Net-Dropbox-API?expand=0&rev=4
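--- /dev/null
+++ b/cpanspec.yml
@@ -0,0 +1,36 @@
+---
+#description_paragraphs: 3
+#description: |-
+# override description from CPAN
+#summary: override summary from CPAN
+#no_testing: broken upstream
+#sources:
+# - source1
+# - source2
+patches:
+urandom.patch: -p1 PATCH-FIX-OPENSUSE https://github.com/norbu09/Net--Dropbox/pull/20 CVE-2024-58036
+# bar.patch:
+# baz.patch: PATCH-FIX-OPENSUSE
+preamble: |-
+BuildRequires: perl(Crypt::URandom)
+Requires: perl(Crypt::URandom)
+#post_prep: |-
+# hunspell=`pkg-config --libs hunspell | sed -e 's,-l,,; s, *,,g'`
+# sed -i -e "s,hunspell-X,$hunspell," t/00-prereq.t Makefile.PL
+#post_build: |-
+# rm unused.files
+#post_install: |-
+# sed on %{name}.files
+#license: SUSE-NonFree
+#skip_noarch: 1
+#custom_build: |-
+#./Build build flags=%{?_smp_mflags} --myflag
+#custom_test: |-
+#startserver && make test
+#ignore_requires: Bizarre::Module
+#skip_doc: regexp_to_skip_for_doc.*
+#add_doc: files to add to docs
+#misc: |-
+#anything else to be added to spec file
+#follows directly after %files section, so it can contain new blocks or also
+#changes to %files section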
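Review bot: The `urandom.patch` entry under `patches:` is tagged `PATCH-FIX-OPENSUSE` although it points at an upstream pull request; under the openSUSE patch-tag convention a fix that has been sent upstream is normally marked `PATCH-FIX-UPSTREAM`, which also tells later maintainers the patch can be dropped once a release carries it. The changelog entry cites bsc#1240884 but the patch comment does not, so I would write the entry as `urandom.patch: -p1 PATCH-FIX-UPSTREAM https://github.com/norbu09/Net--Dropbox/pull/20 CVE-2024-58036 bsc#1240884`. The same comment is repeated above `Patch0:` in the spec file, which the changelog says is generated from this file, so correcting it here should cover both places.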
@@ -1,3 +1,10 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed May 28 14:58:49 UTC 2025 - Tina Müller <tina.mueller@suse.com>
|
||||
|
||||
- Add urandom.patch for secure tokens
|
||||
https://github.com/norbu09/Net--Dropbox/pull/20 CVE-2024-58036 bsc#1240884
|
||||
Add cpanspec.yml file used by cpanspec for autogenerating the spec.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Feb 6 22:27:01 UTC 2025 - Tina Müller <tina.mueller@suse.com>
|
||||
|
||||
|
@@ -26,6 +26,9 @@ License: Artistic-1.0 OR GPL-1.0-or-later
|
||||
Summary: Dropbox API interface
|
||||
URL: https://metacpan.org/release/%{cpan_name}
|
||||
Source0: https://cpan.metacpan.org/authors/id/N/NO/NORBU/%{cpan_name}-%{cpan_version}.tar.gz
|
||||
Source1: cpanspec.yml
|
||||
# PATCH-FIX-OPENSUSE https://github.com/norbu09/Net--Dropbox/pull/20 CVE-2024-58036
|
||||
Patch0: urandom.patch
|
||||
BuildArch: noarch
|
||||
BuildRequires: perl
|
||||
BuildRequires: perl-macros
|
||||
@@ -49,6 +52,10 @@ Requires: perl(common::sense)
|
||||
Provides: perl(Net::Dropbox::API) = %{version}
|
||||
%undefine __perllib_provides
|
||||
%{perl_requires}
|
||||
# MANUAL BEGIN
|
||||
BuildRequires: perl(Crypt::URandom)
|
||||
Requires: perl(Crypt::URandom)
|
||||
# MANUAL END
|
||||
|
||||
%description
|
||||
A dropbox API interface
|
||||
|
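Review bot: Neither spec hunk removes a line, so if the generated dependency list above this hunk (outside the visible lines) still carries `perl(Data::Random)`, the package keeps requiring a module that the patched code no longer loads. That list is presumably derived from the tarball's own metadata, which urandom.patch does not touch, so it is worth checking after regeneration. If the entry is present, it can be dropped through the `ignore_requires:` key that cpanspec.yml already shows commented out, e.g. `ignore_requires: Data::Random`.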
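--- /dev/null
+++ b/urandom.patch
@@ -0,0 +1,60 @@
+commit e3a854a4305004b1b930dcde16e609ebccc9d78b
+Author: Tina Müller <cpan2@tinita.de>
+Date: Wed May 28 16:21:08 2025 +0200
+
+Use Crypt::URandom for generation of nonce
+
+See https://nvd.nist.gov/vuln/detail/CVE-2024-58036
+
+The result is a string of hex digits with the same length as before, 16.
+
+diff --git a/Makefile.PL b/Makefile.PL
+index 0865ac2..301aac2 100644
+--- a/Makefile.PL
++++ b/Makefile.PL
+@@ -12,7 +12,7 @@ requires 'JSON';
+requires 'Mouse';
+requires 'Encode';
+requires 'Net::OAuth';
+-requires 'Data::Random';
++requires 'Crypt::URandom';
+requires 'common::sense';
+requires 'File::Basename';
+requires 'LWP::UserAgent';
+diff --git a/lib/Net/Dropbox/API.pm b/lib/Net/Dropbox/API.pm
+index bcdec21..3d53799 100644
+--- a/lib/Net/Dropbox/API.pm
++++ b/lib/Net/Dropbox/API.pm
+@@ -8,7 +8,7 @@ use Net::OAuth;
+use LWP::UserAgent;
+use URI;
+use HTTP::Request::Common;
+-use Data::Random qw(rand_chars);
++use Crypt::URandom qw(urandom);
+use Encode;
+
+=head1 NAME
+@@ -382,7 +382,7 @@ Generate a different nonce for every request.
+
+=cut
+
+-sub nonce { join( '', rand_chars( size => 16, set => 'alphanumeric' )); }
++sub nonce { unpack("H*", urandom(8)); }
+
+sub _talk {
+my $self = shift;
+diff --git a/t/nonce.t b/t/nonce.t
+new file mode 100644
+index 0000000..7be9762
+--- /dev/null
++++ b/t/nonce.t
+@@ -0,0 +1,9 @@
++use strict;
++use warnings;
++use Test::More;
++use Net::Dropbox::API;
++
++my $nonce = Net::Dropbox::API::nonce();
++like $nonce, qr{^[a-zA-Z0-9]{16}\z}, 'expected nonce content';
++
++done_testing;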
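Review bot: The new test in t/nonce.t still accepts any 16 alphanumeric characters (`qr{^[a-zA-Z0-9]{16}\z}`), so it would pass unchanged against the old `rand_chars` implementation and does not pin the behaviour this patch introduces. Since `unpack("H*", urandom(8))` yields 16 lowercase hex digits, tighten it to `like $nonce, qr{\A[0-9a-f]{16}\z}, 'nonce is 16 hex digits';` and add `isnt Net::Dropbox::API::nonce(), $nonce, 'nonces differ between calls';`. Keeping the 16-character length means the nonce carries 64 bits from the OS random source, which should be ample for per-request uniqueness. That choice deserves a comment above `sub nonce` in lib/Net/Dropbox/API.pm, such as `# 8 bytes from the OS CSPRNG, hex-encoded to keep the previous 16-character length`.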