pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/lang/perl5 Add fixes for CVE-2008-2827 and CVE-2008-53...
details: https://anonhg.NetBSD.org/pkgsrc/rev/b91104dfa812
branches: trunk
changeset: 551138:b91104dfa812
user: tron <tron%pkgsrc.org@localhost>
date: Mon Dec 08 13:34:46 2008 +0000
description:
Add fixes for CVE-2008-2827 and CVE-2008-5302 from CPAN respectively
Debian. While there also fix two check interpreter warnings.
diffstat:
lang/perl5/Makefile | 6 ++++--
lang/perl5/distinfo | 3 ++-
lang/perl5/patches/patch-da | 44 ++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 50 insertions(+), 3 deletions(-)
diffs (88 lines):
diff -r a10b36e3d15e -r b91104dfa812 lang/perl5/Makefile
--- a/lang/perl5/Makefile Mon Dec 08 13:09:59 2008 +0000
+++ b/lang/perl5/Makefile Mon Dec 08 13:34:46 2008 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.143 2008/11/14 18:27:00 joerg Exp $
+# $NetBSD: Makefile,v 1.144 2008/12/08 13:34:46 tron Exp $
DISTNAME= perl-5.10.0
CATEGORIES= lang devel perl5
-PKGREVISION= 2
+PKGREVISION= 3
MASTER_SITES= ${MASTER_SITE_PERL_CPAN:S,/modules/by-module/$,/src/,}
DISTFILES+= ${DISTNAME}${EXTRACT_SUFX}
@@ -270,6 +270,8 @@
REPLACE_PERL+= lib/Class/ISA.pm
REPLACE_PERL+= lib/File/DosGlob.pm
REPLACE_PERL+= lib/version.pm
+REPLACE_PERL+= lib/Math/BigFloat/Trace.pm
+REPLACE_PERL+= lib/Math/BigInt/Trace.pm
# And replace a perl interpreter during the pre-install stage
# I think this may be a bootstrap script, so can't use REPLACE_PERL
diff -r a10b36e3d15e -r b91104dfa812 lang/perl5/distinfo
--- a/lang/perl5/distinfo Mon Dec 08 13:09:59 2008 +0000
+++ b/lang/perl5/distinfo Mon Dec 08 13:34:46 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.53 2008/12/08 12:46:13 schwarz Exp $
+$NetBSD: distinfo,v 1.54 2008/12/08 13:34:47 tron Exp $
SHA1 (perl-5.10.0.tar.gz) = adf73606dd5248af7ccdd735bcaa0e628ea75b3c
RMD160 (perl-5.10.0.tar.gz) = c6614fc99a162790a703f91085b24a60af903ba2
@@ -15,6 +15,7 @@
SHA1 (patch-ck) = 28207b8186c9ad194a1edc696159915bc16d1097
SHA1 (patch-cn) = 7ca2b1ff19f8371637a34ec26779b37d74c74cca
SHA1 (patch-co) = 811e5c391f9f9f72a3f52e6d590b0b4f1e851325
+SHA1 (patch-da) = 13f576db014ec90df319670703482c7276a1f543
SHA1 (patch-ri) = fc838ec10cf601a580aa1f58eb93c3198a13ff71
SHA1 (patch-ta) = 60d9ef72db56b9f149f3995b3f526fc32a352bd7
SHA1 (patch-zc) = a23002397ffaebb243f7683c95c8fb227af90f49
diff -r a10b36e3d15e -r b91104dfa812 lang/perl5/patches/patch-da
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/perl5/patches/patch-da Mon Dec 08 13:34:46 2008 +0000
@@ -0,0 +1,44 @@
+$NetBSD
+
+Fixes for CVE-2008-2827 and CVE-2008-5302, taken from:
+
+http://rt.cpan.org/Public/Bug/Display.html?id=36982
+http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=85;filename=sid_fix_file_path;att=2;bug=286905
+
+--- lib/File/Path.pm.orig 2007-12-18 10:47:07.000000000 +0000
++++ lib/File/Path.pm 2008-12-08 12:54:44.000000000 +0000
+@@ -316,10 +316,8 @@
+ print "skipped $root\n" if $arg->{verbose};
+ next ROOT_DIR;
+ }
+- if (!chmod $perm | 0700, $root) {
+- if ($Force_Writeable) {
+- _error($arg, "cannot make directory writeable", $canon);
+- }
++ if ($Force_Writeable && !chmod $perm | 0700, $root) {
++ _error($arg, "cannot make directory writeable", $canon);
+ }
+ print "rmdir $root\n" if $arg->{verbose};
+ if (rmdir $root) {
+@@ -328,7 +326,7 @@
+ }
+ else {
+ _error($arg, "cannot remove directory", $canon);
+- if (!chmod($perm, ($Is_VMS ? VMS::Filespec::fileify($root) : $root))
++ if ($Force_Writeable && !chmod($perm, ($Is_VMS ? VMS::Filespec::fileify($root) : $root))
+ ) {
+ _error($arg, sprintf("cannot restore permissions to 0%o",$perm), $canon);
+ }
+@@ -350,9 +348,9 @@
+ next ROOT_DIR;
+ }
+
+- my $nperm = $perm & 07777 | 0600;
+- if ($nperm != $perm and not chmod $nperm, $root) {
+- if ($Force_Writeable) {
++ if ($Force_Writeable) {
++ my $nperm = $perm & 07777 | 0600;
++ if ($nperm != $perm and not chmod $nperm, $root) {
+ _error($arg, "cannot make file writeable", $canon);
+ }
+ }
Home |
Main Index |
Thread Index |
Old Index