Update for p5-CGI-Simple

[Stephan Tesch <s.tesch%science-computing.de@localhost>]

Greetings everyone,

Here is a patch for an update to p5-CGI-Simple to version 1.113 which 
resolves the header injection vulnerabilities. It adds a dependency to 
p5-IO-stringy, which should IMO be there since 1.112 (according to the 
ChangeLog). Here's the list of changes (taken from the official Changes 
file):

1.113 2010-12-27

      - (thanks to Yamada Masahiro) randomise multipart boundary string
        (security).

      - Numerous changes from Mark Stosberg:

        Port max-age support from CGI.pm, to improve compatibility and
        RFC-compliance

        Correct header comment in cookie.t

        It claims that is a simple copy/paste/modify from CGI.pm's test
        by the same name, but this has not been true for some time--
        CGI::Simple added

        httponly tests that CGI.pm lacks, for example.

        Sync cookie references with CGI.pm: add reference to the
        newer RFC 2695

        "Interface to browse cookies" looks like it was typo for
        "browser". HTTP is more precise.

        Fix awkward "CGI::Simple.pm" language. It looks like it probably
        originated from the CGI.pm form. "CGI::Simple" is used instead.

        Best Practice: eliminate indirect object notation from new(),
        parse() and fetch() calls

        Security: Fix handling of embedded malicious newlines in header
          values This is a direct port of the same security fix that

        Security: use a random MIME boundary by default in
          multipart_init(). This is a direct port of the same issue
          which was addressed in CGI.pm, preventing some kinds of
          potential header injection attacks.

        Port from CGI.pm: Fix multi-line header parsing.
          This fix is covered by the tests in t/header.t added in
          the previous patch. If you run those tests without this
          patch, you'll see how the headers would be malformed
          without this fix.

        Port CRLF injection prevention from CGI.pm

        Optimize Vars(): Don't build %hash if we aren't going to use it.

        Micro-optimization to Vars(): Don't call "tie" unless we need to.

      - Numerous changes from K. Berov:

        Added "+" to the mime character class.

        Added tests for C<$mime = $q->upload_info( $filename, 'mime' );>

        Fixed wrong match for mimetypes. Example: matched only
        'application/vnd' instead of 'application/vnd.ms-excel'.

        Added "\." to the mime character class

And here is the patch:

Index: Makefile
===================================================================
RCS file: /cvsroot/pkgsrc/www/p5-CGI-Simple/Makefile,v
retrieving revision 1.6
diff -u -r1.6 Makefile
--- Makefile    21 Aug 2010 16:36:37 -0000      1.6
+++ Makefile    6 Sep 2011 13:36:56 -0000
@@ -1,8 +1,7 @@
 # $NetBSD: Makefile,v 1.6 2010/08/21 16:36:37 seb Exp $

-DISTNAME=      CGI-Simple-1.112
+DISTNAME=      CGI-Simple-1.113
 PKGNAME=       p5-${DISTNAME}
-PKGREVISION=   2
 SVR4_PKGNAME=  p5cgs
 CATEGORIES=    www perl5
 MASTER_SITES=  ${MASTER_SITE_PERL_CPAN:=CGI/}
@@ -10,6 +9,7 @@
 MAINTAINER=    pkgsrc-users%NetBSD.org@localhost
 HOMEPAGE=      http://search.cpan.org/dist/CGI-Simple/
 COMMENT=       Simple totally OO CGI interface that is CGI.pm compliant
+DEPENDS+=      p5-IO-stringy*:../../devel/p5-IO-stringy
 LICENSE=       ${PERL5_LICENSE}

 USE_LANGUAGES= # empty
Index: distinfo
===================================================================
RCS file: /cvsroot/pkgsrc/www/p5-CGI-Simple/distinfo,v
retrieving revision 1.4
diff -u -r1.4 distinfo
--- distinfo    12 Jun 2009 07:45:56 -0000      1.4
+++ distinfo    6 Sep 2011 13:36:56 -0000
@@ -1,5 +1,5 @@
 $NetBSD: distinfo,v 1.4 2009/06/12 07:45:56 sno Exp $

-SHA1 (CGI-Simple-1.112.tar.gz) = 9899a4efcd8d6f5ee31448297db47c8515000281
-RMD160 (CGI-Simple-1.112.tar.gz) = f61baca2afbc900bb42aca438d4deeb514de5bac
-Size (CGI-Simple-1.112.tar.gz) = 100173 bytes
+SHA1 (CGI-Simple-1.113.tar.gz) = 8540a0a5fcb044425b04c7c2bf2a5585f78782b6
+RMD160 (CGI-Simple-1.113.tar.gz) = 37867a79abc0f4aa319dcaf5f7d1577cd32c48b5
+Size (CGI-Simple-1.113.tar.gz) = 103884 bytes

Best regards,
Stephan

--
Stephan Tesch                Phone + 49 (0)7071-9457-608
science + computing ag       FAX   + 49 (0)7071-9457-511
Hagellocher Weg 73
D-72070 Tuebingen            Email: s.tesch%science-computing.de@localhost

--
Vorstand/Board of Management:
Dr. Bernd Finkbeiner, Dr. Roland Niemeier, 
Dr. Arno Steitz, Dr. Ingrid Zech
Vorsitzender des Aufsichtsrats/
Chairman of the Supervisory Board:
Philippe Miltin
Sitz/Registered Office: Tuebingen
Registergericht/Registration Court: Stuttgart
Registernummer/Commercial Register No.: HRB 382196