diff options
| author | tron <tron@pkgsrc.org> | 2011-12-07 08:33:11 +0000 |
|---|---|---|
| committer | tron <tron@pkgsrc.org> | 2011-12-07 08:33:11 +0000 |
| commit | f58fa17dfca2e418ceaa549dff6feb1677da55ae (patch) | |
| tree | 7b6c5df3c4f840545fdca87507842f8d4cb5dbe9 | |
| parent | 7b9ff39294f287046b8920d9b48758c4845dc668 (diff) | |
| download | pkgsrc-f58fa17dfca2e418ceaa549dff6feb1677da55ae.tar.gz | |
Pullup ticket #3625 - requested by gls
devel/p5-PAR: security update
Revisions pulled up:
- devel/p5-PAR/Makefile 1.17
- devel/p5-PAR/distinfo 1.7
---
Module Name: pkgsrc
Committed By: gls
Date: Sun Dec 4 20:52:25 UTC 2011
Modified Files:
pkgsrc/devel/p5-PAR: Makefile distinfo
Log Message:
Update devel/p5-PAR to 1.005.
Includes a fix for CVE 2011-4114.
Upstream changes:
[Changes for 1.005 - Dec 2, 2011]
- run all tests using a nonce PAR_TMPDIR (otherwise CPAN Testers
goes crazy as top level /tmp/par-USER directories (or similar)
from previous tests may now be considered "unsafe")
[Changes for 1.004 - Nov 30, 2011]
- back out r1241: it causes errors in PAR::Packer's test suite
- change "unsafe directory" error message to match the wording
used by PAR::Packer
- remove "debian" sub directory: it isn't released to CPAN and
Debian will supply its own anyway
- remove some cruft from MANIFEST.SKIP
[Changes for 1.003 - Nov 28, 2011]
- RT #69560/CVE-2011-4114: PAR packed files are extracted to unsafe
and predictable temporary directories
(Note: this bug was originally reported against PAR::Packer, but
it applies to PAR as well)
- create parent of cache directory (i.e. /tmp/par-USER) with mode 0700
- if it already exists, make sure that (and bail out if not)
- it's not a symlink
- it's mode 0700
- it's owned by USER
- Fix a problem packing XML::LibXSLT on Windows (see the thread starting
with http://www.nntp.perl.org/group/perl.par/2011/02/msg4919.html)
- Die (with a hopefully useful message) if any error is encountered
during an Archive::Zip extract operation
| -rw-r--r-- | devel/p5-PAR/Makefile | 7 | ||||
| -rw-r--r-- | devel/p5-PAR/distinfo | 8 |
2 files changed, 7 insertions, 8 deletions
diff --git a/devel/p5-PAR/Makefile b/devel/p5-PAR/Makefile index 2f81943c37c..69a7e646d2b 100644 --- a/devel/p5-PAR/Makefile +++ b/devel/p5-PAR/Makefile @@ -1,11 +1,10 @@ -# $NetBSD: Makefile,v 1.16 2011/08/14 12:26:25 obache Exp $ +# $NetBSD: Makefile,v 1.16.2.1 2011/12/07 08:33:11 tron Exp $ # -DISTNAME= PAR-1.002 +DISTNAME= PAR-1.005 PKGNAME= p5-${DISTNAME} -PKGREVISION= 1 CATEGORIES= devel -MASTER_SITES= ${MASTER_SITE_PERL_CPAN:=PAR/} +MASTER_SITES= ${MASTER_SITE_PERL_CPAN:=PAR/RSCHUPP/} MAINTAINER= pkgsrc-users@NetBSD.org HOMEPAGE= http://search.cpan.org/dist/PAR/ diff --git a/devel/p5-PAR/distinfo b/devel/p5-PAR/distinfo index f818461b475..319cf8da903 100644 --- a/devel/p5-PAR/distinfo +++ b/devel/p5-PAR/distinfo @@ -1,5 +1,5 @@ -$NetBSD: distinfo,v 1.6 2010/08/25 19:47:19 sno Exp $ +$NetBSD: distinfo,v 1.6.10.1 2011/12/07 08:33:11 tron Exp $ -SHA1 (PAR-1.002.tar.gz) = 8ec29e9ce78190805aecbe7c969a96585ec8374b -RMD160 (PAR-1.002.tar.gz) = d2403a33799855654fab8f38af85d6d180f03d73 -Size (PAR-1.002.tar.gz) = 90208 bytes +SHA1 (PAR-1.005.tar.gz) = 2d9c1ff3a243607374e3f9f1fb61c3d1bb4d8dc1 +RMD160 (PAR-1.005.tar.gz) = 4dd6ae986d65d64ad5740fe75e5e030d1811faca +Size (PAR-1.005.tar.gz) = 88293 bytes |