Mon Dec 8 13:34:47 2008 UTC ()

Add fixes for CVE-2008-2827 and CVE-2008-5302 from CPAN respectively
Debian. While there also fix two check interpreter warnings.


(tron)

diff -r1.143 -r1.144 pkgsrc/lang/perl5/Makefile
diff -r1.53 -r1.54 pkgsrc/lang/perl5/distinfo
diff -r0 -r1.4 pkgsrc/lang/perl5/patches/patch-da

--- pkgsrc/lang/perl5/Makefile 2008/11/14 18:27:00 1.143
+++ pkgsrc/lang/perl5/Makefile 2008/12/08 13:34:46 1.144

 @@ -1,18 +1,18 @@
-# $NetBSD: Makefile,v 1.143 2008/11/14 18:27:00 joerg Exp $
+# $NetBSD: Makefile,v 1.144 2008/12/08 13:34:46 tron Exp $
 DISTNAME=	perl-5.10.0
 CATEGORIES=	lang devel perl5
-PKGREVISION=	2
+PKGREVISION=	3
 MASTER_SITES=	${MASTER_SITE_PERL_CPAN:S,/modules/by-module/$,/src/,}
 DISTFILES+=	${DISTNAME}${EXTRACT_SUFX}
 MAINTAINER=	jlam@pkgsrc.org
 HOMEPAGE=	http://www.perl.org/
 COMMENT=	Practical Extraction and Report Language
 #LICENSE=	gnu-gpl-v2
 PKG_DESTDIR_SUPPORT=	user-destdir
 CONFLICTS=	perl-base-[0-9]* perl-thread-[0-9]*			\
 		p5-CGI-2.66 p5-CGI-2.75 p5-CGI-2.75.[0-2]
 @@ -260,26 +260,28 @@ CONFIGURE_ARGS+=	-Duse64bitint
 .  endif
 .endif
 # Remove a spurious workdir reference
 SUBST_CLASSES+=		rm
 SUBST_STAGE.rm=		pre-install
 SUBST_FILES.rm=		lib/Config_heavy.pl
 SUBST_SED.rm=	-e "s!^rm_try='/.*/\.tools/bin/rm -f!rm_try='/bin/rm -f!"
 # Replace our perl as the interpreter
 REPLACE_PERL+=		lib/Class/ISA.pm
 REPLACE_PERL+=		lib/File/DosGlob.pm
 REPLACE_PERL+=		lib/version.pm
 REPLACE_PERL+=		lib/Math/BigFloat/Trace.pm
 REPLACE_PERL+=		lib/Math/BigInt/Trace.pm
 # And replace a perl interpreter during the pre-install stage
 # I think this may be a bootstrap script, so can't use REPLACE_PERL
 # because that is acted upon already in the pre-configure stage
 SUBST_CLASSES+=		miniperl
 SUBST_STAGE.miniperl=	pre-install
 SUBST_FILES.miniperl=	lib/ExtUtils/xsubpp
 SUBST_SED.miniperl=	-e "1s:\#!./miniperl:\#!${PERL5}:"
 # Some platforms may want the directory mode not to be 0755.  This
 # is, unfortunately, hardcoded in quite a few places in Perl, so
 # let's substitute what pkgsrc says instead.
+#

--- pkgsrc/lang/perl5/distinfo 2008/12/08 12:46:13 1.53
+++ pkgsrc/lang/perl5/distinfo 2008/12/08 13:34:47 1.54

 @@ -1,21 +1,22 @@
-$NetBSD: distinfo,v 1.53 2008/12/08 12:46:13 schwarz Exp $
+$NetBSD: distinfo,v 1.54 2008/12/08 13:34:47 tron Exp $
 SHA1 (perl-5.10.0.tar.gz) = adf73606dd5248af7ccdd735bcaa0e628ea75b3c
 RMD160 (perl-5.10.0.tar.gz) = c6614fc99a162790a703f91085b24a60af903ba2
 Size (perl-5.10.0.tar.gz) = 15595020 bytes
 SHA1 (patch-aa) = 5bd44a8076cf27e2deac52240af7f3898865859c
 SHA1 (patch-ab) = e32427327192f023477b16f29bc55fdf4f057410
 SHA1 (patch-ah) = 1d2f4049dcc8dafcd0eafad36a74531dc7f305c9
 SHA1 (patch-aq) = 3ece22678e3e6dcd3cf641e6389ff203cbe351b9
 SHA1 (patch-as) = 8656cb4d9baf43dd92f4c467aaa40802d4c43239
 SHA1 (patch-ba) = dc150656628e83e25c99f246a0fb30906d185184
 SHA1 (patch-ca) = 47db0530a705b8086b2bfc58491f9b56de4b9e12
 SHA1 (patch-ch) = 5b6a89c82e158bab0a5f06add48c28e600678099
 SHA1 (patch-ci) = 70531d44b6e2cb7a7ab9fb20ffe91d97e5c03e3a
 SHA1 (patch-ck) = 28207b8186c9ad194a1edc696159915bc16d1097
 SHA1 (patch-cn) = 7ca2b1ff19f8371637a34ec26779b37d74c74cca
 SHA1 (patch-co) = 811e5c391f9f9f72a3f52e6d590b0b4f1e851325
 SHA1 (patch-da) = 13f576db014ec90df319670703482c7276a1f543
 SHA1 (patch-ri) = fc838ec10cf601a580aa1f58eb93c3198a13ff71
 SHA1 (patch-ta) = 60d9ef72db56b9f149f3995b3f526fc32a352bd7
 SHA1 (patch-zc) = a23002397ffaebb243f7683c95c8fb227af90f49
 SHA1 (patch-zd) = ee67148b8f44fb3826273574abb62ad9ca4ffa7f

$NetBSD

Fixes for CVE-2008-2827 and CVE-2008-5302, taken from:

http://rt.cpan.org/Public/Bug/Display.html?id=36982
http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=85;filename=sid_fix_file_path;att=2;bug=286905

--- lib/File/Path.pm.orig	2007-12-18 10:47:07.000000000 +0000
+++ lib/File/Path.pm	2008-12-08 12:54:44.000000000 +0000
@@ -316,10 +316,8 @@
                     print "skipped $root\n" if $arg->{verbose};
                     next ROOT_DIR;
                 }
-                if (!chmod $perm | 0700, $root) {
-                    if ($Force_Writeable) {
-                        _error($arg, "cannot make directory writeable", $canon);
-                    }
+                if ($Force_Writeable && !chmod $perm | 0700, $root) {
+                    _error($arg, "cannot make directory writeable", $canon);
                 }
                 print "rmdir $root\n" if $arg->{verbose};
                 if (rmdir $root) {
@@ -328,7 +326,7 @@
                 }
                 else {
                     _error($arg, "cannot remove directory", $canon);
-                    if (!chmod($perm, ($Is_VMS ? VMS::Filespec::fileify($root) : $root))
+                    if ($Force_Writeable && !chmod($perm, ($Is_VMS ? VMS::Filespec::fileify($root) : $root))
                     ) {
                         _error($arg, sprintf("cannot restore permissions to 0%o",$perm), $canon);
                     }
@@ -350,9 +348,9 @@
                 next ROOT_DIR;
             }
 
-            my $nperm = $perm & 07777 | 0600;
-            if ($nperm != $perm and not chmod $nperm, $root) {
-                if ($Force_Writeable) {
+            if ($Force_Writeable) {
+                my $nperm = $perm & 07777 | 0600;
+                if ($nperm != $perm and not chmod $nperm, $root) {
                     _error($arg, "cannot make file writeable", $canon);
                 }
             }