debian/0000755000000000000000000000000012061115124007157 5ustar debian/rules0000755000000000000000000000040712061115124010240 0ustar #!/usr/bin/make -f PACKAGE = $(shell dh_listpackages) TMP = $(CURDIR)/debian/$(PACKAGE) %: dh $@ override_dh_auto_install: dh_auto_install rm -f $(TMP)/usr/share/perl5/Authen/Captcha/images/Thumbs.db override_dh_clean: dh_clean rm -rf t/captcha_temp debian/control0000644000000000000000000000252212061115124010563 0ustar Source: libauthen-captcha-perl Maintainer: Debian Perl Group Uploaders: Ernesto Hernández-Novich (USB) , Damyan Ivanov , Xavier Guimard Section: perl Priority: extra Build-Depends: debhelper (>= 8) Build-Depends-Indep: libgd-gd2-noxpm-perl | libgd-gd2-perl, perl Standards-Version: 3.9.4 Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-perl/packages/libauthen-captcha-perl.git Vcs-Git: git://git.debian.org/pkg-perl/packages/libauthen-captcha-perl.git Homepage: http://search.cpan.org/dist/Authen-Captcha/ Package: libauthen-captcha-perl Architecture: all Depends: ${misc:Depends}, ${perl:Depends}, libgd-gd2-noxpm-perl | libgd-gd2-perl Description: Perl extension for creating captcha's Authen::Captcha provides an object oriented interface to captcha file creations. Captcha stands for Completely Automated Public Turing test to tell Computers and Humans Apart. A Captcha is a program that can generate and grade tests that: . - Most humans can pass. - Current computer programs can't pass. . The most common form is an image file containing distorted text, which humans are adept at reading, and computers (generally) do a poor job. This module currently implements that method. debian/source/0000755000000000000000000000000012061115124010457 5ustar debian/source/format0000644000000000000000000000001412061115124011665 0ustar 3.0 (quilt) debian/changelog0000644000000000000000000000633012061115124011033 0ustar libauthen-captcha-perl (1.023-6) unstable; urgency=low [ gregor herrmann ] * debian/watch: use dist-based URL. * debian/control: Added: ${misc:Depends} to Depends: field. [ Ernesto Hernández-Novich (USB) ] * debian/compat: upgrade to DH8. * debian/control: update Standards Version; upgrade to DH8; set Debian Perl Group as Maintainer instead of me. * Do not install README file since it's just a copy of the man page. * Upgrade to Source Format 3.0. * debian/rules: remove --with-quilt; add override to avoid installing a stray Thumbs.db file; add override to remove a temporary testing directory after building. * Add patch to fix spelling error in man page. [ Nathan Handler ] * debian/watch: Update to ignore development releases. [ Ansgar Burchardt ] * debian/control: Convert Vcs-* fields to Git. [ Xavier Guimard ] * Bump Standards-Version to 3.9.4 * Update debian/copyright format * fix409731_not-taint-safe.patch : - add description - report it -- Xavier Guimard Sun, 09 Dec 2012 11:28:23 +0100 libauthen-captcha-perl (1.023-5) unstable; urgency=low [ gregor herrmann ] * debian/rules: delete /usr/lib/perl5 only if it exists (Closes: #467665). [ Ernesto Hernández-Novich (USB) ] * Upgraded to debhelper 6 * Updated to Standards-Version 3.7.3 -- Ernesto Hernández-Novich (USB) Wed, 27 Feb 2008 08:04:09 -0430 libauthen-captcha-perl (1.023-4) unstable; urgency=low * Really add README.Debian-source -- Damyan Ivanov Wed, 28 Nov 2007 18:21:46 +0200 libauthen-captcha-perl (1.023-3) unstable; urgency=low [ Ernesto Hernández-Novich (USB) ] * Updated Standards-Version to 3.7.2. * Moved package into Debian Pkg Perl Project SVN. * Fixed copyright file with a better URL. * Cleanup debian/rules. * Fixed watch file. [ Rene Mayorga ] * Remove debian/docs, is not needed, Changes and README are installed as line option at debian/rules * Install examples with dh_installexamples * Fix Upstream URLs at debian/control and debian/copyright * Remove Thumbs.db to keeps lintian happy W: libauthen-captcha-perl: windows-thumbnail-database-in-package usr/share/perl5/Authen/Captcha/images/Thumbs.db [ Ernesto Hernández-Novich (USB) ] * Applied patch by Chris Dunlop Closes: #409731 -- libauthen-captcha-perl: not taint safe * Changed debian/rules to use quilt for patch management until upstream catches up. [ Damyan Ivanov ] * Remove t/captcha_temp, leftover after distclean * Convert debian/copyright to UTF-8 * Add README.Debian-source explaining repackaging * Use debhelper 5 [ Ernesto Hernández-Novich (USB) ] * Fixed Maintainer field in control file. -- Ernesto Hernández-Novich (USB) Fri, 23 Nov 2007 09:46:51 -0400 libauthen-captcha-perl (1.023-2) unstable; urgency=low * Fixed typo in long description (closes: #344694) * Removed dependencies on libgd1 (closes: #369111) -- Ernesto Hernández-Novich Sat, 27 May 2006 22:00:26 -0400 libauthen-captcha-perl (1.023-1) unstable; urgency=low * Initial Release. -- Ernesto Hernández-Novich Thu, 1 Dec 2005 17:22:34 -0400 debian/README.Debian-source0000644000000000000000000000022012061115124012510 0ustar The only difference between the source released upstream and the .orig.tar.gz used by Debian source package is the ommission of CVS directories debian/compat0000644000000000000000000000000212061115124010355 0ustar 8 debian/patches/0000755000000000000000000000000012061115124010606 5ustar debian/patches/fix409731_not-taint-safe.patch0000644000000000000000000000267012061115124016023 0ustar Description: fix a security issue reported by perl -T Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=409731 Bug: https://rt.cpan.org/Ticket/Display.html?id=81832 Forwarded: https://rt.cpan.org/Ticket/Display.html?id=81832 Reviewed-By: Xavier Guimard Author: Ernesto Hernández-Novich --- a/Captcha.pm +++ b/Captcha.pm @@ -232,7 +232,11 @@ sub check_code foreach my $line (@data) { $line =~ s/\n//; - my ($data_time,$data_code) = split(/::/,$line); + # Fixes Debian Bug #409731 + # Extract untainted time and code + # Patch provided by Chris Dunlop + # applied by Ernesto Hernández-Novich + my ($data_time,$data_code) = $line =~ m/(^\d+)::([[:xdigit:]]{32})$/; my $png_file = File::Spec->catfile($self->output_folder(),$data_code . ".png"); if ($data_code eq $crypt) @@ -351,7 +355,12 @@ sub _save_code foreach my $line (@data) { $line =~ s/\n//; - my ($data_time,$data_code) = split(/::/,$line); + # Fixes Debian Bug #409731 + # Extract untainted time and code + # Patch provided by Chris Dunlop + # applied by Ernesto Hernández-Novich + my ($data_time,$data_code) = $line =~ m/(^\d+)::([[:xdigit:]]{32})$/; + if ( (($current_time - $data_time) > ($self->expire())) || ($data_code eq $md5) ) { # remove expired captcha, or a dup debian/patches/series0000644000000000000000000000007012061115124012020 0ustar fix409731_not-taint-safe.patch fix_spelling_error.patch debian/patches/fix_spelling_error.patch0000644000000000000000000000370012061115124015523 0ustar Description: This patch fixes a POD spelling error. Forwarded: https://rt.cpan.org/Ticket/Display.html?id=69645 Author: Ernesto Hernández-Novich --- a/Captcha.pm +++ b/Captcha.pm @@ -543,7 +543,7 @@ # set the data_folder. contains flatfile db to maintain state $captcha->data_folder('/some/folder'); - # set directory to hold publicly accessable images + # set directory to hold publicly accessible images $captcha->output_folder('/some/http/folder'); # Alternitively, any of the methods to set variables may also be @@ -676,11 +676,11 @@ =item C<$captcha-Edata_folder( '/some/folder' );> Required. Sets the directory to hold the flatfile database that will be used to store the current non-expired valid captcha md5sum's. -Must be writable by the process running the script (usually the web server user, which is usually either "apache" or "http"), but should not be accessable to the end user. +Must be writable by the process running the script (usually the web server user, which is usually either "apache" or "http"), but should not be accessible to the end user. =item C<$captcha-Eoutput_folder( '/some/folder' );> -Required. Sets the directory to hold the generated Captcha image files. This is usually a web accessable directory so that the user can view the images in here, but it doesn't have to be web accessable (you could be attaching the images to an e-mail for some verification, or some other Captcha implementation). +Required. Sets the directory to hold the generated Captcha image files. This is usually a web accessible directory so that the user can view the images in here, but it doesn't have to be web accessible (you could be attaching the images to an e-mail for some verification, or some other Captcha implementation). Must be writable by the process running the script (usually the web server user, which is usually either "apache" or "http"). =item C<$captcha-Eimages_folder( '/some/folder' );> debian/copyright0000644000000000000000000000321512061115124011113 0ustar Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: Authen-Captcha Source: http://search.cpan.org/dist/Authen-Captcha/ Upstream-Contact: Josh I. Miller, Files: * Copyright: 2003, First Productions, Inc. (FIRSTPRODUCTIONS HUMAN TEST 1.0) 2003, Seth T. Jackson, License: GPL-2+ Files: debian/* Copyright: 2005, 2006, Ernesto Hernández-Novich 2007-2011, Ernesto Hernández-Novich (USB) 2007, Damyan Ivanov 2012, Xavier Guimard License: Artistic or GPL-1+ License: GPL-2+ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. . On Debian systems, the complete text of version 2 of the GNU General Public License can be found in `/usr/share/common-licenses/GPL-2'. License: Artistic This program is free software; you can redistribute it and/or modify it under the terms of the Artistic License, which comes with Perl. . On Debian systems, the complete text of the Artistic License can be found in `/usr/share/common-licenses/Artistic'. License: GPL-1+ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 1, or (at your option) any later version. . On Debian systems, the complete text of version 1 of the GNU General Public License can be found in `/usr/share/common-licenses/GPL-1'. debian/watch0000644000000000000000000000016712061115124010214 0ustar version=3 http://search.cpan.org/dist/Authen-Captcha/ .*/Authen-Captcha-v?(\d[\d.]+)\.(?:tar(?:\.gz|\.bz2)?|tgz|zip) debian/libauthen-captcha-perl.examples0000644000000000000000000000001312061115124015225 0ustar examples/*