From 43b6d6bad322af3d9c9bfca704adde159b4da260 Mon Sep 17 00:00:00 2001
From: CentOS Buildsys
Date: Dec 29 2013 10:58:02 +0000
Subject: import perl-HTTP-Tiny-0.033-3.el7.src.rpm
---
diff --git a/SOURCES/HTTP-Tiny-0.033-Do-not-use-already-existing-temporary-files.patch b/SOURCES/HTTP-Tiny-0.033-Do-not-use-already-existing-temporary-files.patch
new file mode 100644
index 0000000..d6d4a1a
--- /dev/null
+++ b/SOURCES/HTTP-Tiny-0.033-Do-not-use-already-existing-temporary-files.patch
@@ -0,0 +1,45 @@
+From f0ada4fd4d9f4a6c028f86306e62fe880949d4e1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?=
+Date: Wed, 27 Nov 2013 10:58:07 +0100
+Subject: [PATCH] Do not use already existing temporary files
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+mirror() method tries to create a new temporary file as can be
+concluded by using random name.
+
+To prevent from from attacks, one has to make sure the file does not
+exist. This patch creates temporary files with O_CREAT|O_EXCL mode.
+
+Signed-off-by: Petr Písař
+---
+ lib/HTTP/Tiny.pm | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/lib/HTTP/Tiny.pm b/lib/HTTP/Tiny.pm
+index 8736816..6ee800e 100644
+--- a/lib/HTTP/Tiny.pm
++++ b/lib/HTTP/Tiny.pm
+@@ -6,6 +6,7 @@ use warnings;
+ our $VERSION = '0.033'; # VERSION
+
+ use Carp ();
++use Fcntl ();
+
+
+ my @attributes;
+@@ -113,8 +114,8 @@ sub mirror {
+ $args->{headers}{'if-modified-since'} ||= $self->_http_date($mtime);
+ }
+ my $tempfile = $file . int(rand(2**31));
+- open my $fh, ">", $tempfile
+- or Carp::croak(qq/Error: Could not open temporary file $tempfile for downloading: $!\n/);
++ sysopen my $fh, $tempfile, Fcntl::O_CREAT|Fcntl::O_EXCL|Fcntl::O_WRONLY
++ or Carp::croak(qq/Error: Could not create temporary file $tempfile for downloading: $!\n/);
+ binmode $fh;
+ $args->{data_callback} = sub {
+ print {$fh} $_[0]
+--
+1.8.3.1
+
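Review bot: In the `mirror` hunk the temporary name is still `$file . int(rand(2**31))` and is tried only once, so with `O_EXCL` any collision, whether accidental or a file or symlink left by another user who can write to the target directory, now makes `mirror()` croak instead of picking another name. Failing is the safe outcome, but a bounded retry on `EEXIST` with a fresh suffix would keep a pre-existing name from becoming a denial of service; the fenced lines show one way to do it. `sysopen` is also called without a permissions argument, so the file is created with the default mode masked by the umask, which deserves a one-line comment such as `# mode defaults to 0666 & ~umask, same as the old open`. `mirror` starts and ends outside the hunk, so how the temp file is cleaned up on failure cannot be checked from here.

```perl
my ($fh, $tempfile, $created);
for my $attempt (1 .. 10) {    # bound is arbitrary; any small number works
    $tempfile = $file . int(rand(2**31));
    $created  = sysopen $fh, $tempfile, Fcntl::O_CREAT|Fcntl::O_EXCL|Fcntl::O_WRONLY;
    last if $created or not $!{EEXIST};    # retry only when the name was already taken
}
$created
  or Carp::croak(qq/Error: Could not create temporary file $tempfile for downloading: $!\n/);
# … unchanged: binmode $fh and the data_callback …
```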
diff --git a/SOURCES/HTTP-Tiny-0.038-Croak-on-failed-write-into-a-file.patch b/SOURCES/HTTP-Tiny-0.038-Croak-on-failed-write-into-a-file.patch
new file mode 100644
index 0000000..3c7d069
--- /dev/null
+++ b/SOURCES/HTTP-Tiny-0.038-Croak-on-failed-write-into-a-file.patch
@@ -0,0 +1,36 @@
+From 4ead7785b495b48f027f77abe2b1173f3c05f02c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?=
+Date: Wed, 27 Nov 2013 10:45:39 +0100
+Subject: [PATCH 1/2] Croak on failed write into a file
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The mirror() method saves a document into a file. Any error while
+writing to the file, e.g. no disk space, was ignored. This patch fixes
+it by croaking on such I/O error.
+
+Signed-off-by: Petr Písař
+---
+ lib/HTTP/Tiny.pm | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/lib/HTTP/Tiny.pm b/lib/HTTP/Tiny.pm
+index 0178d65..48763ff 100644
+--- a/lib/HTTP/Tiny.pm
++++ b/lib/HTTP/Tiny.pm
+@@ -116,7 +116,10 @@ sub mirror {
+ open my $fh, ">", $tempfile
+ or Carp::croak(qq/Error: Could not open temporary file $tempfile for downloading: $!\n/);
+ binmode $fh;
+- $args->{data_callback} = sub { print {$fh} $_[0] };
++ $args->{data_callback} = sub {
++ print {$fh} $_[0]
++ or Carp::croak(qq/Error: Could not write into temporary file $tempfile: $!\n/);
++ };
+ my $response = $self->request('GET', $url, $args);
+ close $fh
+ or Carp::croak(qq/Error: Could not close temporary file $tempfile: $!\n/);
+--
+1.8.3.1
+
diff --git a/SPECS/perl-HTTP-Tiny.spec b/SPECS/perl-HTTP-Tiny.spec
index 9229438..7a6b6d1 100644
--- a/SPECS/perl-HTTP-Tiny.spec
+++ b/SPECS/perl-HTTP-Tiny.spec
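Review bot: The `croak` added inside `data_callback` (Croak-on-failed-write patch, `mirror` hunk) fires while `$fh` is still open and `$tempfile` is on disk, and the only `close $fh` visible in the hunk runs after `request()` returns. If `request()` lets callback exceptions propagate, a failed write skips that close and any cleanup after it, leaving a partial temp file behind. If it traps them, callers of `mirror()` would presumably get a failed response rather than an exception, despite the patch title. `request()` and the rest of `mirror` are outside the hunk, so I would record which case holds in a comment above the callback, for example `# croak aborts the transfer inside request(); the temp file must still be closed and removed afterwards`.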
@@ -1,11 +1,17 @@
 Name: perl-HTTP-Tiny
 Version: 0.033
-Release: 1%{?dist}
+Release: 3%{?dist}
 Summary: Small, simple, correct HTTP/1.1 client
 License: GPL+ or Artistic
 Group: Development/Libraries
 URL: http://search.cpan.org/dist/HTTP-Tiny/
 Source0: http://www.cpan.org/authors/id/D/DA/DAGOLDEN/HTTP-Tiny-%{version}.tar.gz
+# Check for write failure, bug #1031096,
+#
+Patch0: HTTP-Tiny-0.038-Croak-on-failed-write-into-a-file.patch
+# Do not use already existing temporary files, bug #1031096,
+#
+Patch1: HTTP-Tiny-0.033-Do-not-use-already-existing-temporary-files.patch
 BuildArch: noarch
 BuildRequires: perl
 BuildRequires: perl(ExtUtils::MakeMaker) >= 6.30
@@ -15,6 +21,7 @@ BuildRequires: perl(warnings)
 BuildRequires: perl(bytes)
 BuildRequires: perl(Carp)
 BuildRequires: perl(Errno)
+BuildRequires: perl(Fcntl)
 BuildRequires: perl(IO::Socket)
 # IO::Socket::SSL 1.56 is optional
 # Mozilla::CA is optional
@@ -50,6 +57,8 @@ resumes after EINTR.
 %prep
 %setup -q -n HTTP-Tiny-%{version}
+%patch0 -p1
+%patch1 -p1
 %build
 perl Makefile.PL INSTALLDIRS=vendor
@@ -69,6 +78,13 @@ make test
 %{_mandir}/man3/*
 %changelog
+* Fri Dec 27 2013 Daniel Mach - 0.033-3
+- Mass rebuild 2013-12-27
+
+* Wed Nov 27 2013 Petr Pisar - 0.033-2
+- Croak on failed write into a file (bug #1031096)
+- Do not use already existing temporary files (bug #1031096)
+
 * Mon Jun 24 2013 Petr Pisar - 0.033-1
 - 0.033 bump