Re: CVS commit: pkgsrc/shells/zsh

To: Tonnerre Lombard <tonnerre%netbsd.org@localhost>
Subject: Re: CVS commit: pkgsrc/shells/zsh
From: Geert Hendrickx <ghen%telenet.be@localhost>
Date: Thu, 17 Jul 2008 11:59:43 +0200

On Sun, Jul 13, 2008 at 06:22:01PM +0000, Tonnerre Lombard wrote:
> 
> Module Name:  pkgsrc
> Committed By: tonnerre
> Date:         Sun Jul 13 18:22:01 UTC 2008
> 
> Modified Files:
>       pkgsrc/shells/zsh: Makefile Makefile.common distinfo
> Added Files:
>       pkgsrc/shells/zsh/patches: patch-aa
> 
> Log Message:
> Fix an insecure temp file creation vulnerability in zsh's difflog.pl
> (CVE-2007-6209).


@@ -23,6 +23,8 @@ USE_TOOLS+=           makeinfo
 INFO_FILES=            # PLIST
 TEXINFO_REQD=          4.0
 
+DEPENDS+=      p5-File-Temp-[0-9]*:../../devel/p5-File-Temp
+
 PKG_INSTALLATION_TYPES=        overwrite pkgviews
 
 .include "../../mk/bsd.prefs.mk"


Isn't it a bit strange for a package to depend on a perl module while it does
not depend on perl?  Btw, do we install the affected perl script at all?

I don't want my shell to have a dependency on perl just because of a script
that is included for the benefit of zsh developers only[1]...

        Geert


[1] http://www.zsh.org/mla/workers/2007/msg01061.html

Follow-Ups:
- Re: CVS commit: pkgsrc/shells/zsh
  - From: Tonnerre Lombard

References:
- CVS commit: pkgsrc/shells/zsh
  - From: Tonnerre Lombard

Prev by Date: CVS commit: pkgsrc/devel/p5-Clone
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/shells/zsh
Next by Thread: Re: CVS commit: pkgsrc/shells/zsh
Indexes:

Home | Main Index | Thread Index | Old Index