Received: by mail.netbsd.org (Postfix, from userid 605) id 0491084F4A; Sat, 16 Oct 2021 17:51:41 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 3FC0384F15 for ; Sat, 16 Oct 2021 17:51:40 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([IPv6:::1]) by localhost (mail.netbsd.org [IPv6:::1]) (amavisd-new, port 10025) with ESMTP id QD9Nd2E2a_p0 for ; Sat, 16 Oct 2021 17:51:39 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.NetBSD.org [IPv6:2001:470:a085:999:28c:faff:fe03:5984]) by mail.netbsd.org (Postfix) with ESMTP id 9366A84CFD for ; Sat, 16 Oct 2021 17:51:39 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id 8D07EFA94; Sat, 16 Oct 2021 17:51:39 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_163440669944570" MIME-Version: 1.0 Date: Sat, 16 Oct 2021 17:51:39 +0000 From: "Thomas Merkel" Subject: CVS commit: [pkgsrc-2021Q3] pkgsrc/databases/p5-DBI To: pkgsrc-changes@NetBSD.org Reply-To: tm@netbsd.org X-Mailer: log_accum Message-Id: <20211016175139.8D07EFA94@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: Precedence: bulk List-Unsubscribe: This is a multi-part message in MIME format. --_----------=_163440669944570 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: tm Date: Sat Oct 16 17:51:39 UTC 2021 Modified Files: pkgsrc/databases/p5-DBI [pkgsrc-2021Q3]: Makefile distinfo Added Files: pkgsrc/databases/p5-DBI/patches [pkgsrc-2021Q3]: patch-lib_DBD_File.pm Log Message: Pullup ticket #6515 - requested by wiz databases/p5-DBI: security fix Revisions pulled up: - databases/p5-DBI/Makefile 1.87 - databases/p5-DBI/distinfo 1.54 - databases/p5-DBI/patches/patch-lib_DBD_File.pm 1.1 --- Module Name: pkgsrc Committed By: wiz Date: Thu Oct 14 07:08:58 UTC 2021 Modified Files: pkgsrc/databases/p5-DBI: Makefile distinfo Added Files: pkgsrc/databases/p5-DBI/patches: patch-lib_DBD_File.pm Log Message: p5-DBI: fix CVE-2014-10402 Bump PKGREVISION To generate a diff of this commit: cvs rdiff -u -r1.86 -r1.86.4.1 pkgsrc/databases/p5-DBI/Makefile cvs rdiff -u -r1.52 -r1.52.12.1 pkgsrc/databases/p5-DBI/distinfo cvs rdiff -u -r0 -r1.1.2.2 \ pkgsrc/databases/p5-DBI/patches/patch-lib_DBD_File.pm Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_163440669944570 Content-Disposition: inline Content-Length: 2858 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/databases/p5-DBI/Makefile diff -u pkgsrc/databases/p5-DBI/Makefile:1.86 pkgsrc/databases/p5-DBI/Makefile:1.86.4.1 --- pkgsrc/databases/p5-DBI/Makefile:1.86 Mon May 24 19:49:34 2021 +++ pkgsrc/databases/p5-DBI/Makefile Sat Oct 16 17:51:39 2021 @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.86 2021/05/24 19:49:34 wiz Exp $ +# $NetBSD: Makefile,v 1.86.4.1 2021/10/16 17:51:39 tm Exp $ DISTNAME= DBI-1.643 PKGNAME= p5-${DISTNAME} -PKGREVISION= 2 +PKGREVISION= 3 CATEGORIES= databases perl5 MASTER_SITES= ${MASTER_SITE_PERL_CPAN:=DBI/} Index: pkgsrc/databases/p5-DBI/distinfo diff -u pkgsrc/databases/p5-DBI/distinfo:1.52 pkgsrc/databases/p5-DBI/distinfo:1.52.12.1 --- pkgsrc/databases/p5-DBI/distinfo:1.52 Sun May 17 09:12:01 2020 +++ pkgsrc/databases/p5-DBI/distinfo Sat Oct 16 17:51:39 2021 @@ -1,6 +1,7 @@ -$NetBSD: distinfo,v 1.52 2020/05/17 09:12:01 wen Exp $ +$NetBSD: distinfo,v 1.52.12.1 2021/10/16 17:51:39 tm Exp $ SHA1 (DBI-1.643.tar.gz) = fdbe7a86873eed196be5f9753aabed5c1e22f2cb RMD160 (DBI-1.643.tar.gz) = c944a9568c4aa0c8f5e936bba47d9ee55d16b6cb SHA512 (DBI-1.643.tar.gz) = 03812f3eb1e43c8290dadb8cb14bbced9ec6e237228ea2a2ba91f22e52143906a91a7e82945dab30b1d1b9fc925073721111adafd9a09fac070808ab88f908b8 Size (DBI-1.643.tar.gz) = 612372 bytes +SHA1 (patch-lib_DBD_File.pm) = e268b5f59b4474b8c2f5d72891c31f5d0f53c0c0 Added files: Index: pkgsrc/databases/p5-DBI/patches/patch-lib_DBD_File.pm diff -u /dev/null pkgsrc/databases/p5-DBI/patches/patch-lib_DBD_File.pm:1.1.2.2 --- /dev/null Sat Oct 16 17:51:39 2021 +++ pkgsrc/databases/p5-DBI/patches/patch-lib_DBD_File.pm Sat Oct 16 17:51:39 2021 @@ -0,0 +1,28 @@ +$NetBSD: patch-lib_DBD_File.pm,v 1.1.2.2 2021/10/16 17:51:39 tm Exp $ + +Fix CVE-2014-10402 +https://github.com/perl5-dbi/dbi/pull/93/commits/19d0fb169eed475e1c053e99036b8668625cfa94 + +--- lib/DBD/File.pm.orig 2016-11-09 10:11:37.000000000 +0000 ++++ lib/DBD/File.pm +@@ -109,7 +109,11 @@ sub connect + # We do not (yet) care about conflicting attributes here + # my $dbh = DBI->connect ("dbi:CSV:f_dir=test", undef, undef, { f_dir => "text" }); + # will test here that both test and text should exist +- if (my $attr_hash = (DBI->parse_dsn ($dbname))[3]) { ++ # ++ # Parsing on our own similar to parse_dsn to find attributes in 'dbname' parameter. ++ if ($dbname) { ++ my @attrs = split /;/ => $dbname; ++ my $attr_hash = { map { split /\s*=>?\s*|\s*,\s*/, $_} @attrs }; + if (defined $attr_hash->{f_dir} && ! -d $attr_hash->{f_dir}) { + my $msg = "No such directory '$attr_hash->{f_dir}"; + $drh->set_err (2, $msg); +@@ -120,7 +124,6 @@ sub connect + if ($attr and defined $attr->{f_dir} && ! -d $attr->{f_dir}) { + my $msg = "No such directory '$attr->{f_dir}"; + $drh->set_err (2, $msg); +- $attr->{RaiseError} and croak $msg; + return; + } + --_----------=_163440669944570--