Add fixes for CVE-2008-2827 and CVE-2008-5302, taken from CPAN and Debian respectively. While here, also fix two check interpreter warnings.
diff -r1.143 -r1.144 pkgsrc/lang/perl5/Makefile
(tron)
@@ -1,18 +1,18 @@ | @@ -1,18 +1,18 @@ | |||
1 | # $NetBSD: Makefile,v 1.143 2008/11/14 18:27:00 joerg Exp $ | 1 | # $NetBSD: Makefile,v 1.144 2008/12/08 13:34:46 tron Exp $ | |
2 | 2 | |||
3 | DISTNAME= perl-5.10.0 | 3 | DISTNAME= perl-5.10.0 | |
4 | CATEGORIES= lang devel perl5 | 4 | CATEGORIES= lang devel perl5 | |
5 | PKGREVISION= 2 | 5 | PKGREVISION= 3 | |
6 | MASTER_SITES= ${MASTER_SITE_PERL_CPAN:S,/modules/by-module/$,/src/,} | 6 | MASTER_SITES= ${MASTER_SITE_PERL_CPAN:S,/modules/by-module/$,/src/,} | |
7 | DISTFILES+= ${DISTNAME}${EXTRACT_SUFX} | 7 | DISTFILES+= ${DISTNAME}${EXTRACT_SUFX} | |
8 | 8 | |||
9 | MAINTAINER= jlam@pkgsrc.org | 9 | MAINTAINER= jlam@pkgsrc.org | |
10 | HOMEPAGE= http://www.perl.org/ | 10 | HOMEPAGE= http://www.perl.org/ | |
11 | COMMENT= Practical Extraction and Report Language | 11 | COMMENT= Practical Extraction and Report Language | |
12 | #LICENSE= gnu-gpl-v2 | 12 | #LICENSE= gnu-gpl-v2 | |
13 | 13 | |||
14 | PKG_DESTDIR_SUPPORT= user-destdir | 14 | PKG_DESTDIR_SUPPORT= user-destdir | |
15 | 15 | |||
16 | CONFLICTS= perl-base-[0-9]* perl-thread-[0-9]* \ | 16 | CONFLICTS= perl-base-[0-9]* perl-thread-[0-9]* \ | |
17 | p5-CGI-2.66 p5-CGI-2.75 p5-CGI-2.75.[0-2] | 17 | p5-CGI-2.66 p5-CGI-2.75 p5-CGI-2.75.[0-2] | |
18 | 18 | |||
@@ -260,26 +260,28 @@ CONFIGURE_ARGS+= -Duse64bitint | @@ -260,26 +260,28 @@ CONFIGURE_ARGS+= -Duse64bitint | |||
260 | . endif | 260 | . endif | |
261 | .endif | 261 | .endif | |
262 | 262 | |||
263 | # Remove a spurious workdir reference | 263 | # Remove a spurious workdir reference | |
264 | SUBST_CLASSES+= rm | 264 | SUBST_CLASSES+= rm | |
265 | SUBST_STAGE.rm= pre-install | 265 | SUBST_STAGE.rm= pre-install | |
266 | SUBST_FILES.rm= lib/Config_heavy.pl | 266 | SUBST_FILES.rm= lib/Config_heavy.pl | |
267 | SUBST_SED.rm= -e "s!^rm_try='/.*/\.tools/bin/rm -f!rm_try='/bin/rm -f!" | 267 | SUBST_SED.rm= -e "s!^rm_try='/.*/\.tools/bin/rm -f!rm_try='/bin/rm -f!" | |
268 | 268 | |||
269 | # Replace our perl as the interpreter | 269 | # Replace our perl as the interpreter | |
270 | REPLACE_PERL+= lib/Class/ISA.pm | 270 | REPLACE_PERL+= lib/Class/ISA.pm | |
271 | REPLACE_PERL+= lib/File/DosGlob.pm | 271 | REPLACE_PERL+= lib/File/DosGlob.pm | |
272 | REPLACE_PERL+= lib/version.pm | 272 | REPLACE_PERL+= lib/version.pm | |
273 | REPLACE_PERL+= lib/Math/BigFloat/Trace.pm | |||
274 | REPLACE_PERL+= lib/Math/BigInt/Trace.pm | |||
273 | 275 | |||
274 | # And replace a perl interpreter during the pre-install stage | 276 | # And replace a perl interpreter during the pre-install stage | |
275 | # I think this may be a bootstrap script, so can't use REPLACE_PERL | 277 | # I think this may be a bootstrap script, so can't use REPLACE_PERL | |
276 | # because that is acted upon already in the pre-configure stage | 278 | # because that is acted upon already in the pre-configure stage | |
277 | SUBST_CLASSES+= miniperl | 279 | SUBST_CLASSES+= miniperl | |
278 | SUBST_STAGE.miniperl= pre-install | 280 | SUBST_STAGE.miniperl= pre-install | |
279 | SUBST_FILES.miniperl= lib/ExtUtils/xsubpp | 281 | SUBST_FILES.miniperl= lib/ExtUtils/xsubpp | |
280 | SUBST_SED.miniperl= -e "1s:\#!./miniperl:\#!${PERL5}:" | 282 | SUBST_SED.miniperl= -e "1s:\#!./miniperl:\#!${PERL5}:" | |
281 | 283 | |||
282 | # Some platforms may want the directory mode not to be 0755. This | 284 | # Some platforms may want the directory mode not to be 0755. This | |
283 | # is, unfortunately, hardcoded in quite a few places in Perl, so | 285 | # is, unfortunately, hardcoded in quite a few places in Perl, so | |
284 | # let's substitute what pkgsrc says instead. | 286 | # let's substitute what pkgsrc says instead. | |
285 | # | 287 | # |
@@ -1,21 +1,22 @@ | @@ -1,21 +1,22 @@ | |||
1 | $NetBSD: distinfo,v 1.53 2008/12/08 12:46:13 schwarz Exp $ | 1 | $NetBSD: distinfo,v 1.54 2008/12/08 13:34:47 tron Exp $ | |
2 | 2 | |||
3 | SHA1 (perl-5.10.0.tar.gz) = adf73606dd5248af7ccdd735bcaa0e628ea75b3c | 3 | SHA1 (perl-5.10.0.tar.gz) = adf73606dd5248af7ccdd735bcaa0e628ea75b3c | |
4 | RMD160 (perl-5.10.0.tar.gz) = c6614fc99a162790a703f91085b24a60af903ba2 | 4 | RMD160 (perl-5.10.0.tar.gz) = c6614fc99a162790a703f91085b24a60af903ba2 | |
5 | Size (perl-5.10.0.tar.gz) = 15595020 bytes | 5 | Size (perl-5.10.0.tar.gz) = 15595020 bytes | |
6 | SHA1 (patch-aa) = 5bd44a8076cf27e2deac52240af7f3898865859c | 6 | SHA1 (patch-aa) = 5bd44a8076cf27e2deac52240af7f3898865859c | |
7 | SHA1 (patch-ab) = e32427327192f023477b16f29bc55fdf4f057410 | 7 | SHA1 (patch-ab) = e32427327192f023477b16f29bc55fdf4f057410 | |
8 | SHA1 (patch-ah) = 1d2f4049dcc8dafcd0eafad36a74531dc7f305c9 | 8 | SHA1 (patch-ah) = 1d2f4049dcc8dafcd0eafad36a74531dc7f305c9 | |
9 | SHA1 (patch-aq) = 3ece22678e3e6dcd3cf641e6389ff203cbe351b9 | 9 | SHA1 (patch-aq) = 3ece22678e3e6dcd3cf641e6389ff203cbe351b9 | |
10 | SHA1 (patch-as) = 8656cb4d9baf43dd92f4c467aaa40802d4c43239 | 10 | SHA1 (patch-as) = 8656cb4d9baf43dd92f4c467aaa40802d4c43239 | |
11 | SHA1 (patch-ba) = dc150656628e83e25c99f246a0fb30906d185184 | 11 | SHA1 (patch-ba) = dc150656628e83e25c99f246a0fb30906d185184 | |
12 | SHA1 (patch-ca) = 47db0530a705b8086b2bfc58491f9b56de4b9e12 | 12 | SHA1 (patch-ca) = 47db0530a705b8086b2bfc58491f9b56de4b9e12 | |
13 | SHA1 (patch-ch) = 5b6a89c82e158bab0a5f06add48c28e600678099 | 13 | SHA1 (patch-ch) = 5b6a89c82e158bab0a5f06add48c28e600678099 | |
14 | SHA1 (patch-ci) = 70531d44b6e2cb7a7ab9fb20ffe91d97e5c03e3a | 14 | SHA1 (patch-ci) = 70531d44b6e2cb7a7ab9fb20ffe91d97e5c03e3a | |
15 | SHA1 (patch-ck) = 28207b8186c9ad194a1edc696159915bc16d1097 | 15 | SHA1 (patch-ck) = 28207b8186c9ad194a1edc696159915bc16d1097 | |
16 | SHA1 (patch-cn) = 7ca2b1ff19f8371637a34ec26779b37d74c74cca | 16 | SHA1 (patch-cn) = 7ca2b1ff19f8371637a34ec26779b37d74c74cca | |
17 | SHA1 (patch-co) = 811e5c391f9f9f72a3f52e6d590b0b4f1e851325 | 17 | SHA1 (patch-co) = 811e5c391f9f9f72a3f52e6d590b0b4f1e851325 | |
18 | SHA1 (patch-da) = 13f576db014ec90df319670703482c7276a1f543 | |||
18 | SHA1 (patch-ri) = fc838ec10cf601a580aa1f58eb93c3198a13ff71 | 19 | SHA1 (patch-ri) = fc838ec10cf601a580aa1f58eb93c3198a13ff71 | |
19 | SHA1 (patch-ta) = 60d9ef72db56b9f149f3995b3f526fc32a352bd7 | 20 | SHA1 (patch-ta) = 60d9ef72db56b9f149f3995b3f526fc32a352bd7 | |
20 | SHA1 (patch-zc) = a23002397ffaebb243f7683c95c8fb227af90f49 | 21 | SHA1 (patch-zc) = a23002397ffaebb243f7683c95c8fb227af90f49 | |
21 | SHA1 (patch-zd) = ee67148b8f44fb3826273574abb62ad9ca4ffa7f | 22 | SHA1 (patch-zd) = ee67148b8f44fb3826273574abb62ad9ca4ffa7f |
$NetBSD
Fixes for CVE-2008-2827 and CVE-2008-5302, taken from:
http://rt.cpan.org/Public/Bug/Display.html?id=36982
http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=85;filename=sid_fix_file_path;att=2;bug=286905
--- lib/File/Path.pm.orig 2007-12-18 10:47:07.000000000 +0000
+++ lib/File/Path.pm 2008-12-08 12:54:44.000000000 +0000
@@ -316,10 +316,8 @@
print "skipped $root\n" if $arg->{verbose};
next ROOT_DIR;
}
- if (!chmod $perm | 0700, $root) {
- if ($Force_Writeable) {
- _error($arg, "cannot make directory writeable", $canon);
- }
+ if ($Force_Writeable && !chmod $perm | 0700, $root) {
+ _error($arg, "cannot make directory writeable", $canon);
}
print "rmdir $root\n" if $arg->{verbose};
if (rmdir $root) {
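Review bot: Where `$Force_Writeable` is true, the new guard `if ($Force_Writeable && !chmod $perm | 0700, $root)` still applies chmod to the path name rather than to the object that was examined earlier, so on those platforms the gap between the check and the chmod remains. The same holds for the restore-permissions chmod in the second hunk and the `chmod $nperm, $root` in the third. The hunks do not show where `$Force_Writeable` is set, so it should be confirmed which platforms keep this path and the residual risk recorded in the patch, for example `# chmod by name happens only where $Force_Writeable is set; $root is not re-checked before the call`. It is also worth stating in the patch header that trees lacking owner write permission will now report "cannot remove directory" where `$Force_Writeable` is false, presumably by design. The enclosing sub starts and ends outside these hunks.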
@@ -328,7 +326,7 @@
}
else {
_error($arg, "cannot remove directory", $canon);
- if (!chmod($perm, ($Is_VMS ? VMS::Filespec::fileify($root) : $root))
+ if ($Force_Writeable && !chmod($perm, ($Is_VMS ? VMS::Filespec::fileify($root) : $root))
) {
_error($arg, sprintf("cannot restore permissions to 0%o",$perm), $canon);
}
@@ -350,9 +348,9 @@
next ROOT_DIR;
}
- my $nperm = $perm & 07777 | 0600;
- if ($nperm != $perm and not chmod $nperm, $root) {
- if ($Force_Writeable) {
+ if ($Force_Writeable) {
+ my $nperm = $perm & 07777 | 0600;
+ if ($nperm != $perm and not chmod $nperm, $root) {
_error($arg, "cannot make file writeable", $canon);
}
}