Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by www.NetBSD.org (Postfix) with ESMTP id A25E363B9C6
	for <mhonarc+pkgsrc-changes@mail-index.netbsd.org>; Wed,  7 Dec 2011 08:33:15 +0000 (UTC)
Received: by mail.netbsd.org (Postfix, from userid 605)
	id 1137514A140; Wed,  7 Dec 2011 08:33:16 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by mail.netbsd.org (Postfix) with ESMTP id BED8514A126
	for <pkgsrc-changes@NetBSD.org>; Wed,  7 Dec 2011 08:33:12 +0000 (UTC)
X-Virus-Scanned: amavisd-new at NetBSD.org
Received: from mail.netbsd.org ([127.0.0.1])
	by localhost (mail.NetBSD.org [127.0.0.1]) (amavisd-new, port 10025)
	with ESMTP id oRMAANBf9RkP for <pkgsrc-changes@NetBSD.org>;
	Wed,  7 Dec 2011 08:33:12 +0000 (UTC)
Received: from cvs.netbsd.org (cvs.NetBSD.org [IPv6:2001:4f8:3:7:2e0:81ff:fe30:95bd])
	by mail.netbsd.org (Postfix) with ESMTP id E12D214A125
	for <pkgsrc-changes@NetBSD.org>; Wed,  7 Dec 2011 08:33:11 +0000 (UTC)
Received: by cvs.netbsd.org (Postfix, from userid 500)
	id CA48C175DD; Wed,  7 Dec 2011 08:33:11 +0000 (UTC)
MIME-Version: 1.0
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"
Date: Wed, 7 Dec 2011 08:33:11 +0000
From: "Matthias Scheler" <tron@netbsd.org>
Subject: CVS commit: [pkgsrc-2011Q3] pkgsrc/devel/p5-PAR
To: pkgsrc-changes@NetBSD.org
Reply-To: tron@netbsd.org
X-Mailer: log_accum
Message-Id: <20111207083311.CA48C175DD@cvs.netbsd.org>
Sender: pkgsrc-changes-owner@NetBSD.org
List-Id: pkgsrc-changes.NetBSD.org
Precedence: bulk

Module Name:	pkgsrc
Committed By:	tron
Date:		Wed Dec  7 08:33:11 UTC 2011

Modified Files:
	pkgsrc/devel/p5-PAR [pkgsrc-2011Q3]: Makefile distinfo

Log Message:
Pullup ticket #3625 - requested by gls
devel/p5-PAR: security update

Revisions pulled up:
- devel/p5-PAR/Makefile                                         1.17
- devel/p5-PAR/distinfo                                         1.7

---
   Module Name:    pkgsrc
   Committed By:    gls
   Date:        Sun Dec  4 20:52:25 UTC 2011

   Modified Files:
       pkgsrc/devel/p5-PAR: Makefile distinfo

   Log Message:
   Update devel/p5-PAR to 1.005.
   Includes a fix for CVE 2011-4114.

   Upstream changes:

   [Changes for 1.005 - Dec 2, 2011]
     - run all tests using a nonce PAR_TMPDIR (otherwise CPAN Testers
     goes crazy as top level /tmp/par-USER directories (or similar)
     from previous tests may now be considered "unsafe")

   [Changes for 1.004 - Nov 30, 2011]
     - back out r1241: it causes errors in PAR::Packer's test suite
     - change "unsafe directory" error message to match the wording
     used by PAR::Packer
     - remove "debian" sub directory: it isn't released to CPAN and
     Debian will supply its own anyway
     - remove some cruft from MANIFEST.SKIP

   [Changes for 1.003 - Nov 28, 2011]
     -  RT #69560/CVE-2011-4114: PAR packed files are extracted to unsafe
     and predictable temporary directories
     (Note: this bug was originally reported against PAR::Packer, but
     it applies to PAR as well)
     - create parent of cache directory (i.e. /tmp/par-USER) with mode 0700
     - if it already exists, make sure that (and bail out if not)
      - it's not a symlink
      - it's mode 0700
      - it's owned by USER
     - Fix a problem packing XML::LibXSLT on Windows (see the thread starting
     with http://www.nntp.perl.org/group/perl.par/2011/02/msg4919.html)
     - Die (with a hopefully useful message) if any error is encountered
     during an Archive::Zip extract operation


To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.16.2.1 pkgsrc/devel/p5-PAR/Makefile
cvs rdiff -u -r1.6 -r1.6.10.1 pkgsrc/devel/p5-PAR/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.